Archive for the ‘malware’ Category

Installation Analysis Tool – InsMoN

Tuesday, December 16th, 2014

InsMoN is a piece of software developed to monitor an installation process or any other executable process. It informs the user about file changes, registry changes and network connections, as well as the name of each process started by the sample.

This software was built in Python in order to be available for both x86 and 64-bit Windows systems. To test and use this software, please visit the following links. Standard disclaimers apply – use at your own risk!

For more information, please visit the InsMoN project page

Incident Response Tool for malware protection

Friday, October 3rd, 2014

“Security is about systems failing gracefully” (B. Schneier). When it comes to malware protection, anti-virus products fail rather frequently. So how can we make a system fail gracefully when an a/v fails and we eventually get infected?

This question gave birth to Pholus. This program attempts to defend a computer system against ransomware and some types of banking trojans by monitoring the network connections and responding to “suspicious” communication attempts.

This software was built in Python in order to be available for both x86 and 64-bit Windows systems. To test and use this software, please visit the following links. Standard disclaimers apply – use at your own risk!

You can download the Pholus setup file here.

For more information, please visit the Pholus project page.


straight from Kaspersky’s mouth

Tuesday, July 1st, 2014

XP Doomsday

Wednesday, October 9th, 2013

On April 8, 2014, Microsoft ends XP support. This means that it is very likely that there will be no security updates. If this happens we will experience 0-days with really long life spans.

In case there are still XP boxes out there, here is a countdown timer to set as a default home page for your browser.

Other than that, XP users, you will be on your own.

cuckoo-profiler available

Tuesday, August 20th, 2013

Profiler is an extension for the Cuckoo malware analysis tool. The code is open-source and available on Google Code. Feedback is highly appreciated.

javascript revelations with revelo

Monday, June 24th, 2013

Obfuscated JavaScript snippets are very popular; in all the cyberdefense exercises we have participated in, obfuscated JavaScript was at the top of the scenario list. Revelo is a very neat tool that can greatly assist in quickly analysing obfuscated code. Many thanks to KahuSecurity for the continuous effort to develop this tool!

var _0x2d61=["\x48\x65\x6C\x6C\x6F\x20\x57\x6F\x72\x6C\x64\x21","\x0A","\x4F\x4B"];var a=_0x2d61[0];function MsgBox(_0x2949x3){alert(_0x2949x3+_0x2d61[1]+a);} ;MsgBox(_0x2d61[2]);

Malware on the rise, AVs on the spot

Monday, December 3rd, 2012

An interesting evaluation of AV solutions here. Not sure if this list will be valid in a week’s time.


The Lives of Others – cyberspace edition

Thursday, November 17th, 2011

Yep, it seems that history may as well repeat itself in a modern context though.

Members of the Chaos Computer Club have analysed an intercepted sample that strongly supports the view that the German government has deployed its own spyware.

I have to note that I had met members of the CCC back in the late '90s – incidentally, I am very grateful to daveg for the introduction – and these guys do know what they are talking about.

Details here.

Stuxnet for dummies

Monday, June 20th, 2011

A neat little video outlining Stuxnet’s modus operandi:

Stuxnet: Anatomy of a Computer Virus from Patrick Clair on Vimeo.

Mal-flash-ware

Thursday, June 16th, 2011

Who needs to improve on social engineering when Adobe does the trick for you?

http://it.slashdot.org/submission/1652664/Adobe-Patches-Second-Flash-Zero-Day-In-9-Days


Copyright © 2017 Information Security and Incident Response Research Unit. All Rights Reserved.