Category Archives: Malware

Solving GrrCon15 Memory Challenge with VolUtility

After seeing that Brian Baskin and Tony Cook had published a writeup solving the GrrCon 2015 memory challenges, I thought this would be an ideal way of testing VolUtility: a way to make sure that I have covered all the features, and if not, to work out how to add them so it does. Plus it looked like fun :)…

Viper – Modules – Office

This follows on from the post detailing the basic usage of Viper. If you have not read that post, I would start there. An index of all the modules can be found here. Office The Office module is designed to extract metadata and stream information from a variety of Office formats. As before, this will showcase the analysis features of Viper…

Home IDS with Snort And Snorby

An Intrusion Detection System at its simplest is a network monitoring tool. It is designed to match patterns in network traffic that can indicate malware infections, bad traffic or policy violations. You can read more about IDS here. I discussed IDS installation in one of my early posts. In that post I used a pre-built, ready…

Viper in the browser

Merry Christmas, Happy New Year and Season's greetings to you all. This is my final post of the year. Next year I am hoping to post more content on a regular basis. I’m upgrading the lab at home and rebuilding it from the ground up. I have prepped most of the Virtuals and have documented their build process and usage…

How Safe is Public Wifi

Imagine this scenario... You’re sat at your favourite coffee shop and you connect to the local Wi-Fi. You log in to Facebook to see what your friends are doing, jump on Amazon to buy a gift that you pay for with PayPal, and finally open your Gmail account to see all the confirmation emails. What would you say if I told you there is…

Decoding NanoCore Rat

NanoCore is one of many Remote Access Trojans that are available. This particular RAT is a so-called premium RAT, which means it comes with a price tag. The current price to buy the latest version is $20. In the author's own words However, as this is a premium RAT, it is also one of the types that many coders try…

Look inside a Dark Comet Campaign

As many of you who read this blog will know, I have a fondness for researching RATs. In this post I'm going to stay on the same topic but change the perspective. To date I have concentrated on understanding how the ‘Server’ holds the configs and how to extract them. Now I'm going to look at…

RAT Decoders

I have talked about decoding RATs several times in previous posts, and if you have read them you will know that I'm creating static decoders for the most common Remote Access Trojans. In this post I'll be releasing a handful of the static decoders I have written so far. I have set up a repo on GitHub that will…