I was asked if I could look at a WordPress website which wasn’t displaying correctly. It was showing an index of files in the document root directory, rather than showing the home page. This suggested that the index.html (UNIX), index.htm (Windows), or in the case of WordPress, index.php file was missing. Read on and I’ll talk you through how I recovered the site.
When I heard about the Citrix NetScaler vulnerability (CVE-2019-19781) I wanted to capture some exploits to see what they were doing. It turns out Citrix provide a downloadable version of Citrix Gateway (which was also vulnerable), but using it to capture exploits turned out to be trickier than I’d originally anticipated.
I’ve decided that it’s time to launch Life 2.0 and actually get serious about my career and put more effort in to achieving some of my other goals.
Usually when I’m dabbling in forensics work I’m analysing a compromised Windows system. This time, however, I was using my forensic skills to investigate a potential problem with one of my bee hives (for a shorter version, try my beekeepers club presentation).
The WannaCry/WannaCrypt ransomware/worm struck late last week and wreaked havoc with a number of important files/documents being encrypted. Can a twenty year old idea of mine actually help to restrict the damage caused by ransomware by essentially ‘hiding’ your important files so that ransomware can’t find them?
After my tinkering with IT as a kid progressed to more of a hobby, followed by almost 22 years of full time employment as an IT engineer, I’m starting to wonder if I’ve been a tad foolish.
I’m starting to think that there is more to life than IT (despite seeing more and more people that seem to think that it’s more important to walk around looking at the screen of their mobile phone rather than looking where they’re going), and with this realisation comes another realisation — that a life of IT has left me with very few practical life skills.
So now I find myself at a point where I want to do something that’s actually useful to people/society, but all I know how to do is IT.
I’m wondering how to implement ideas and make them a reality? How can I build (physical) things — how do you join pieces of wood for instance? How do businesses work?
How can I do something useful, and hopefully change lives — if not the world — when I don’t seem to be able to change a tap washer?!
The 6th of March is the day that the Michelangelo virus (a virus I came across back in the early nineties) would overwrite disk sectors, and it apparently caused quite a frenzy back in January 1992. I was thinking, here we are 25 years later, and what have we done? (Look out — this is another one of my non-technical posts!)
There’s a theory that a thousand monkeys typing away at a thousand typewriters will eventually reproduce the works of Shakespeare. I got home one day to find a JavaScript downloader semi-randomly creating dynamic functions until one of them worked and downloaded some malware that I hadn’t seen before.
Previous posts in this series have demonstrated how unpack.py, when used on a CryptoLocker variant, extracts the malicious PE file injected into explorer.exe, and how it can also be used to analyse the injected PE file. This post demonstrates how unpack.py can now be used to analyse our CryptoLocker variant’s network communications by dumping the cleartext traffic sent over its HTTPS connections.
This is the second part in a series of posts showing how we can use my unpack.py script to find quite a bit of useful information about a CryptoLocker variant. This post will analyse the unpacked payload that we found in part one.