Collaborate Disseminate
I received phishing email that contains base64 encrypted JS code in the attachment. I decrypted it but can’t understand it because of obfuscation. Do you guys have any clue what this code is trying to do?
<script>
eval(function($nb… Continue reading What is this obfuscated JS code trying to do? [closed]
In a recent collaboration to investigate a rise in malware infections featuring a commercial remote access trojan (RAT), IBM Security X-Force and Cipher Tech Solutions (CT), a defense and intelligence security firm, investigated malicious activity that spiked in the first quarter of 2021. With over 1,300 malware samples collected, the teams analyzed the delivery of […]
The post RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation appeared first on Security Intelligence.
Continue reading RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
Many tools in Linux allow for checking things as a non-root user. For example, at any time, I can check whether a service is running:
$ systemctl status ntp
However, the iptables needs to be used as root whatever the option. I’m wondering… Continue reading Why is the -L (list) option of iptables not available to non-root users?
My drupal website was getting hacked recently. While cleaning up the malicious scripts, I found that the hacker uploaded an image file (sites/default/files/test.jpg) contains below code.
error_reporting(0);
require_once(‘includes/session.i… Continue reading PHP code in image file
I published the following diary on isc.sans.edu: “Russian Dolls VBS Obfuscation“: We received an interesting sample from one of our readers (thanks Henry!) and we like this. If you find something interesting, we are always looking for fresh meat! Henry’s sample was delivered in a password-protected ZIP archive and the
The post [SANS ISC] Russian Dolls VBS Obfuscation appeared first on /dev/random.
I am exploring android malware forensics and am trying out payload generation and delivery, while also trying obfuscation. I have used commercial tools, e.g. ProGuard and also open sourced tools, eg. Obfuscapk. Now I am trying to advance f… Continue reading Obfuscating android malware
How can we secure a source code which is deployed at client side cloud and is difficult to reverse engineer just like a licensed product The major difference is that I have a service to protect and do not have exe or dmg file.
I want to ob… Continue reading How to secure containerized python source code deployed at client side cloud
By nature, .NET assemblies are extremely easy to reverse engineer. Say I want to hide some code by embedding an encrypted .dll into another .dll that is to be decrypted and loaded at runtime:
compile a .dll with all the code I want to pro… Continue reading .Net dll encryption
The Reverse Engineering webinar audience having been so active not only were we unable to address all the incoming questions online, we didn’t even manage to pack the rest of them in one blogpost. So here comes the second part of the webinar follow-up. Continue reading Targeted Malware Reverse Engineering Workshop follow-up. Part 2
I’ve received emails recently, where the sender is an address to their personal website.
From: name.net
Instead of a normal email such as mine, which is always in the form:
From: name@mail.com
I would like to learn how this is achieved… Continue reading Using a site as email address [closed]