Category Archives: Notes

Superb Automated Malware Binary Analysis Service – Figure out what malware does in minutes

These days, malware is VM-aware to defend against automated analysis tools such as Anubis and Cuckoo. These automated analyses are based on the behaviour of the malware, which gives only a hint of what it actually does, as they are now …

Posted in Articles, Notes, security

Data Loss Prevention

DLP technology is just a technology; it is effective only when implemented against a business case driven by a specific requirement. Full notes – HERE

Posted in Articles, Notes, security

Analyzing a Java exploit by deobfuscating JavaScript

A suspicious .class file download triggered the alert.

GET /jb/kukukuk.class HTTP/1.1
User-Agent: Mozilla/4.0 (Windows ) Java/1.6.0_22
Host: 2374507291
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

Now we can observe that the Host is an octal host and the User-Agent indicates Java, and …

Posted in Articles, Notes, security

Auditing Event 565,565 — Finally my scratched head got peace

For the last one month I have been scratching my head over how to monitor and review Event 565, 566 logs. The logs we receive from the SIEM are of size >30MB, so opening and reviewing them is too difficult, and my Excel …

Posted in Articles, Notes

Using “volatility” to study the CVE-2011-0611 Adobe Flash 0-day

A very good explanation of memory forensic analysis using Volatility on a memory dump taken after infection with the Adobe 0-day vulnerability CVE-2011-0611:

http://sempersecurus.blogspot.com/2011/04/using-volatility-to-study-cve-2011-6011.html
http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html

Posted in Articles, Notes

RawCap – a very nice, simple tool for the Incident Responder

Sniffing the target in question using Wireshark with WinPcap installed, or using port mirroring, is a bit of a headache that can very well be avoided. In larger companies we have regional analysts who would help us get this done …

Posted in Articles, Notes

Is Dumbella really required??

It appears to be looking at DNS transactions using the Dumbella threat reputation system, which provides a list of identified C&C domains. But we can obtain such a list freely over the internet from sites such as shadowserver.org, http://www.malwaredomains.com/updates/, malwaredomainlist.com etc., which we can …

Posted in Articles, Notes