Kahu Security

2018-05-19

For awhile these attacks contained code that pointed to a webserver was down. Seems they changed servers and everything is up and running again. The POST...

2018-04-15

The constant barrage of malicious emails seeping into your users’ inboxes appear to be coming from Emotet, Hancitor, and Trickbot. Here are charts from...

2018-03-30

A script was left behind on a compromised machine. This led to the discovery of a Windows backdoor written in JavaScript and the C&C backend scripts...

2018-02-26

“Sophisticated” in that the spammer obfuscated the mailer script quite well. He/she apparently put quite a bit of work into concealing and protecting...

2017-11-01

I was sent a PHP script that was protected by PHPJiami which you can find here. PHPJiami is a decent PHP obfuscator that appears to be able to bypass...

2017-06-25

I spent the past several months porting Converter to the .NET Framework and am finally able to release a public version of it. Many of the original functions...

2017-05-26

An analysis of an infected PC revealed that an attacker used several NSA tools just four days after the Shadow Brokers’ dump then it burned the PC with...

2017-05-03

Another update to the exploit kit scene. There’s been some changes but nothing very exciting. We can’t put our guards down however since this could change...

2017-02-28

It all started with a malicious RTF document attached to an email and a request from reader Chris (thanks for your request and help!) to locate the embedded...

2016-11-06

It’s been awhile since I updated this; my apologies for the delay to those who have been asking. Many thanks to Kafeine for his expertise and invaluable...