TechAnarchy
[...] . Once you're done, if you want to remove these entries just enter the following. And, as usual, questions, queries, comments below. [...]
[...] . Install & Configure Kippo. Install & Configure Kippo Graph. As usual, questions, queries, comments below. [...]
[...] , stick a fork in the Git (when I release it), mail me on msce@techanarchy.net or, as usual, questions, queries, comments below. [...]
[...] and any data stored in the DB is likely to be destroyed when it goes live. As usual, questions, queries, comments below. [...]
[...] jRat, here is an article I wrote for eForensics Magazine: Extracting Network Signatures from malware samples, jRat a case study. The basic premise was to identify how the protocol worked. Once you have [...]
[...] to have a play, I am running a free web instance that has been pre-loaded with a handful of malware samples. Most of the functionality is in place; some was removed for the sake of security. On that [...]
[...] As with most things in life there are a variety of methods that can be used for storing malware samples, each with their own set of pros and cons. Let's start with the where. Your malware needs to [...]
[...] , instead I am going to look from an Incident Response perspective: identify IOCs from malware samples so you know what to look for on your estate; use host-based analysis to identify compromised [...]
[...] victim contains a lot of information hardcoded inside the malware itself. Typically these configuration settings are obfuscated or encrypted so they are not immediately accessible, but they still have [...]
[...] file we see clear-text strings including our domain name and other settings indicative of configuration settings. I repeat the test against a couple more samples and everything looks great until . . . [...]
[...] on GitHub that will hold a collection of Python scripts that will extract and decode the configuration settings from common RATs. Each of these decoders is already running on http://malwareconfig.com [...]
[...] no errors. OK, now we have the Python bit installed, let's see about getting it into EnCase. The Python Script: In this instance we don't need to make any modifications to our script, we just need it [...]
[...] Several months ago I wrote a Python script that helped me mount disk and partition images. You can read the original post here. It worked [...]
[...] and detectors of APT tradecraft. Before I discovered the ChopShop toolset I was working on a Python script that, if provided with compromised network traffic, would allow you to view the actions that [...]
[...] these configurations. Currently, and somewhat unimaginatively, named the “Malware Sample Configuration Extractor”, it is capable of extracting configs from the following: Supported Malware: Bozok [...]
[...] and its contents used to install / configure and launch the RAT's main program. Malware Sample Configuration Extractor: Because the RAT uses a hardcoded password in all V1 and V2 variants, once we have [...]
[...] to identify it as a different sensor and you should be good to go. You don't need to run the Snorby install or configuration. As usual, questions, queries, comments below. [...]
[...] I wanted a more static approach that would be easier to implement and scale nicely. The Config: The malware that is delivered to the victim contains a lot of information hardcoded inside the malware [...]
[...] traffic at two separate points: one protecting my home network, the other connected to my malware lab, which helps me write rules and identify malware based on its traffic. Both sensors report in to [...]
Hello and welcome to 2015. Hope you all had a great Christmas and a Happy New Year. As I said in my last post of 2014 this year I plan to get more [...]