When performing dynamic analysis of malware, you will occasionally encounter SSL being utilized for network communication, thus preventing you from analyzing the content. Typically Wireshark is utilized to examine network traffic at the packet level. Wireshark has an SSL dissector that allows for the decryption of SSL traffic if you provide the decryption keys. This technique is described in deta
Recently, news about cyber attacks has been reported in various media. Some of these cyber attacks are reported to have used targeted emails. A targeted email is a malicious email sent only to a specific organization or individual. Because the set of targets is so limited, even anti-virus vendors find it hard to collect samples, so anti-virus software has difficulty responding to them. Targeted emails often carry a malicious attachment. The attached files are mainly of the following two types: 1. An exe file, or a Windows executable compressed as a zip or similar archive 2. A document file containing malicious code that attacks a vulnerability. Of these, the second type has recently been attracting attention. The malicious code is a program that attempts to infect the client PC with malware. In the application that opens the document
WhatTheFunct? Hey folks! This time I’m gonna share with you a small IDAPython tool made by Federico Muttis (aka @acid_. Maybe you remember him from the -pretty awesome- pidgin vulnerability or the WebEx one). This is one of those scripts that you have to use and reuse several times when working with obscure firmwares, memory dumps or even unknown pieces of code. A lot of us made something like th
After several months of silence due to our team moving, finding a new home, and generally working really hard, we are happy to announce today that a new version of BinDiff is available! While the underlying comparison engine has only changed slightly, we have some significant improvements on the UI, and some improvements that are particularly useful for porting symbolic information from FOSS libra
Quick Malware Notes, Incident Response, and 00-outs A while back after dealing with some heavily malware-infected systems, I wrote a followup post Anti-Malware Tools of Note. Since that time, a few other bits and bytes have come across my desk so I thought I would supplement it slightly. TinyApps bloggist brings our attention to and a recommendation for a “new” Free standalone and bootable antimal
As promised, here is a resource-dump of some anti-virus/anti-malware tools I either use or came across in my recently documented battles that I thought would be helpful for reference. As with many things in life, having the right tool for the particular job at hand can save much time and aggravation. Hopefully most of these will already be well known to the GSD faithful readers. But I also hope
HoneySpider Network Capture-HPC NG The HoneySpider Network Project is a joint venture between NASK/CERT Polska, GOVCERT.NL and SURFnet. The goal was to develop a client honeypot system, based on existing state-of-the-art client honeypot solutions and a novel crawler application specially tailored for the bulk processing of URLs. This system focuses primarily on attacks against, or involving the u