Archives

All posts by karl

It’s about time I got some more technical content on my blog and after presenting at the Malware and Reverse Engineering Conference in February and seeing a presentation on Tofsee, I decided to do my own analysis of Tofsee.

Continue Reading

I was asked if I could look at a WordPress website which wasn’t displaying correctly. It was showing an index of files in the document root directory, rather than showing the home page. This suggested that the index.html (UNIX), index.htm (Windows), or in the case of WordPress, index.php file was missing. Read on and I’ll talk you through how I recovered the site.

Continue Reading

After my tinkering with IT as a kid progressed to more of a hobby, followed by almost 22 years of full time employment as an IT engineer, I’m started to wonder if I’ve been a tad foolish.

I’m starting to think that there is more to life than IT (despite seeing more and more people that seem to think that it’s more important to walk around looking at the screen of their mobile phone rather than looking where they’re going), and with this realisation comes another realisation — that a life of IT has left me with very few practical life skills.

So now I find myself at a point where I want to do something that’s actually useful to people/society, but all I know how to do is IT.

I’m wondering how to implement ideas and make them a reality? How can I build (physical) things — how do you join pieces of wood for instance? How do businesses work?

How can I do something useful, and hopefully change lives — if not the world — when I don’t seem to be able to change a tap washer?!

The 06th March is the day that the Michelangelo virus (a virus I came across back in the early nineties) would overwrite disk sectors, and it apparently caused quite a frenzy back in January 1992. I was thinking, here we are 25 years later, and what have we done? (Look out — this is another one of my non-technical posts!) Continue Reading

There’s a theory that a thousand monkeys typing away at a thousand typewriters will eventually reproduce the works of Shakespeare. I got home one day to find a JavaScript downloader semi-randomly creating dynamic functions until one of them worked and downloaded some malware that I hadn’t seen before. Continue Reading

Previous posts in this series have demonstrated how unpack.py, when used on a CryptoLocker variant, extracts the malicious PE file injected in to explorer.exe, and how it can also be used to analyse the injected PE file. This post demonstrates how unpack.py can now be used to analyse our CryptoLocker variant’s network communications by dumping the cleartext traffic sent over its HTTPS connections.

Continue Reading