Archives

All posts by Karl

Malwear Musings (my merchandise) Sale

Posted by Karl on May 30, 2021
Posted in: General Information, malwearmusings, t-shirts. Tagged: , , , , . Leave a comment

Malwear Musings is my t-shirt/merchandise shop, hosted by RedBubble. I was hoping to sell enough t-shirts to recover the cost of hosting my blog, but at an average of just over one t-shirt a year at the moment, this obviously isn’t happening.

I don’t like adverts on web pages, so I’ve been paying WordPress.com for the last seven and a half years to keep my blog advert free. It’s obviously been running at a loss, but I’ve maintained it regardless, despite not getting a lot of time to work on it (now that I’m working full-time again), in the hope that people will find it useful.

RedBubble are currently having a store-wide sale with 20%-60% off, until 01st June 2021 (see clickable image below), so I’m hoping that whether or not you find my blog posts useful, you’ll find my t-shirts amusing/entertaining and decide to buy some.

I’ve just added five new designs, which I’d been meaning to do for some time (see the ‘procrastination’ t-shirt!), and this sale seemed like a good time to finally get them out. I have some more designs that I want to add, but I also need to work on other stuff this weekend (like making some shortbread)!

You can find my RedBubble shop at https://malwearmusings.redbubble.com/ (that misspelling is a deliberate pun, albeit possibly a confusing one) and I hope you like my t-shirt designs — right now though, it’s shortbread time.

Classics

  • Some Assembly Required
  • Don’t Follow Me, I’m Going Phishing
  • My Favourite Strings

Cyber Security

  • Does this t-shirt/hoodie make my data look big? (new)
  • My parents went on the Internet and all I got was some lousy malware
  • DNT: 1
  • Do Not Track

Geeky/Techo

  • /me reminisces
  • Does this t-shirt/hoodie make my data look big? (new)
  • 417 Expectation Failed
  • My parents went on the Internet and all I got was this lousy t-shirt

Beekeeping

  • I’d quit smoking, but it calms my bees (new)
  • Beekeepers are smokin’ (new)

Music

  • My parents went to coda and all I got was this lousy t-shirt
  • Musicians do it in bars (new)

Unicycling

  • Do not overtake flailing vehicle
  • mount /dev/sad/admin /mnt/unicycle

General

  • Chronocidal Maniac
  • Five tips to avoid procrastination (new)
  • COVID-19: Social distancing — If you can read this, you’re too close

Recovering from a WordPress Plugin Exploit

Posted by Karl on January 31, 2021
Posted in: Uncategorized. Tagged: . 1 Comment

I was asked if I could look at a WordPress website which wasn’t displaying correctly. It was showing an index of files in the document root directory, rather than showing the home page. This suggested that the index.html (UNIX), index.htm (Windows), or in the case of WordPress, index.php file was missing. Read on and I’ll talk you through how I recovered the site.

Continue Reading

Creating a Citrix Gateway Honeypot

Posted by Karl on March 31, 2020
Posted in: Uncategorized. Tagged: , . Leave a comment

When I heard about the Citrix NetScaler vulnerability (CVE-2019-19781) I wanted to capture some exploits to see what they were doing. It turns out Citrix provide a downloadable version of Citrix Gateway (which was also vulnerable), but using it to capture exploits turned out to be trickier than I’d originally anticipated.

Continue Reading

Mitigating the Effects of Ransomware: Hiding Your Files

Posted by Karl on May 16, 2017
Posted in: Muse Food. Tagged: . Leave a comment

The WannaCry/WannaCrypt ransomware/worm struck late last week and wreaked havoc with a number of important files/documents being encrypted. Can a twenty year old idea of mine actually help to restrict the damage caused by ransomware by essentially ‘hiding’ your important files so that ransomware can’t find them?

Continue Reading

April Fool?

Posted by Karl on April 1, 2017
Posted in: Muse Food. Leave a comment

After my tinkering with IT as a kid progressed to more of a hobby, followed by almost 22 years of full time employment as an IT engineer, I’m started to wonder if I’ve been a tad foolish.

I’m starting to think that there is more to life than IT (despite seeing more and more people that seem to think that it’s more important to walk around looking at the screen of their mobile phone rather than looking where they’re going), and with this realisation comes another realisation — that a life of IT has left me with very few practical life skills.

So now I find myself at a point where I want to do something that’s actually useful to people/society, but all I know how to do is IT.

I’m wondering how to implement ideas and make them a reality? How can I build (physical) things — how do you join pieces of wood for instance? How do businesses work?

How can I do something useful, and hopefully change lives — if not the world — when I don’t seem to be able to change a tap washer?!

Michelangelo Virus Day — What have we done in the last 25 years?!

Posted by Karl on March 6, 2017
Posted in: A False Sense of Security, General Information. Tagged: . Leave a comment

The 06th March is the day that the Michelangelo virus (a virus I came across back in the early nineties) would overwrite disk sectors, and it apparently caused quite a frenzy back in January 1992. I was thinking, here we are 25 years later, and what have we done? (Look out — this is another one of my non-technical posts!) Continue Reading

A Thousand Monkeys Writing a JavaScript Malware Downloader: De-obfuscating the JavaScript

Posted by Karl on January 19, 2017
Posted in: Malware Analysis, Reverse Engineering. Tagged: , , . Leave a comment

There’s a theory that a thousand monkeys typing away at a thousand typewriters will eventually reproduce the works of Shakespeare. I got home one day to find a JavaScript downloader semi-randomly creating dynamic functions until one of them worked and downloaded some malware that I hadn’t seen before. Continue Reading

Analysing CryptoLocker with unpack.py: Network Communications (part 3)

Posted by Karl on May 13, 2016
Posted in: Malware Analysis. Tagged: , , . 1 Comment

Previous posts in this series have demonstrated how unpack.py, when used on a CryptoLocker variant, extracts the malicious PE file injected in to explorer.exe, and how it can also be used to analyse the injected PE file. This post demonstrates how unpack.py can now be used to analyse our CryptoLocker variant’s network communications by dumping the cleartext traffic sent over its HTTPS connections.

Continue Reading