• Make Malware Happy, (Mon, Jan 6th)

    Updated: 2025-01-06 07:10:28
    When I teach FOR610[1], I like to use a funny quotation with my students: “Make malware happy!” What does it mean? Yes, we like malware, and we need to treat it in a friendly way. To help the malware work or detonate successfully, it's recommended that we replicate the environment where it was discovered (or at least, as much as possible). This is not always easy because we often receive a sample outside of its context.

  • ISC Stormcast For Monday, January 6th, 2025 https://isc.sans.edu/podcastdetail/9266, (Mon, Jan 6th)

    Updated: 2025-01-06 02:37:57

  • Goodware Hash Sets, (Thu, Jan 2nd)

    Updated: 2025-01-02 14:48:21
    Goodware Hash Sets. Published 2025-01-02. Last Updated 2025-01-02 14:04:48 UTC by Xavier Mertens. Version: 1. In the cybersecurity landscape, we all need hashes. A hash is the result of applying a special mathematical function (a hash function) that transforms an input, such as a file or a piece of text, into a fixed-size string or number. This output, often called a "hash value", "digest", or "checksum", uniquely represents the original data. In the context of this diary, hashes are commonly used for data integrity checks. There are plenty of them

  • No Holiday Season for Attackers, (Tue, Dec 31st)

    Updated: 2024-12-31 07:09:10
    While most of us are preparing the switch to a new year (if it is already the case for you: Happy New Year!), attackers never stop and keep implementing new tricks to defeat our security controls. For a long time now, we have been flooded with sextortion emails. This is a kind of blackmail in which someone threatens to share explicit images or videos unless the victim meets their demands. Even today, I regularly receive some of them.

  • Phishing for Banking Information, (Fri, Dec 27th)

    Updated: 2024-12-27 10:25:02
    It is again the time of year when scammers ask to verify banking information, whether it is credit cards, bank cards, package shipping information, winning money, etc. Last night I received a text message asking to verify a credit card, in this case a Bank of Montreal (BMO) credit card.

  • Capturing Honeypot Data Beyond the Logs, (Thu, Dec 26th)

    Updated: 2024-12-26 00:14:28
    By default, DShield Honeypots [1] collect firewall, web and cowrie (telnet/ssh) [2] data and log them on the local filesystem. A subset of this data is reported to the SANS Internet Storm Center (ISC) where it can be used by anyone [3]. A common question that comes up from new users is whether there is any benefit to collecting PCAP data from the honeypots if the active services are already being logged. One example I often give of a useful benefit of having PCAPs is HTTP POST data. This data is not currently captured within the web honeypot logs, but can be seen within the PCAP data.

  • Compiling Decompyle++ For Windows, (Wed, Dec 25th)

    Updated: 2024-12-25 07:58:25
    Occasionally I decompile Python code with decompilers written in Python. Recently I discovered Decompyle++, a Python disassembler and decompiler written in C++.
