I’ve decided that it’s time to launch Life 2.0 and actually get serious about my career and put more effort into achieving some of my other goals.
General Information
Posts related to general information about malware analysis, or about this blog.
The 6th of March is the day that the Michelangelo virus (a virus I came across back in the early nineties) would overwrite disk sectors, and it apparently caused quite a frenzy back in January 1992. I was thinking, here we are 25 years later, and what have we done? (Look out — this is another one of my non-technical posts!)
It is a hundred years to the day since the Australian and New Zealand Army Corps (ANZACs) landed on a beach at Gallipoli, Turkey, to fight in a war — not a ‘cyber’ war, where people often lose web servers, but the type of war where people often lose mates, comrades, loved ones, and their lives. This is a change from my usual technical writing, and given the sensitive subject matter, the lack of sleep that I got last night, and the fact that I’m more comfortable writing about my technical endeavours, I’m hoping that I don’t cock this up.
I was conjuring up a physical world which had the same level of tracking and logging as the Internet does — a preposterous world, because nobody would expect the same level of tracking to occur once they left their computer and went outside, right?
Little did I know that my preposterous world isn’t that far from becoming a reality, and that there could soon be any number of people who know what you did last summer.
Well it has been a year since I started this blog, and this is just a quick post to let you know that despite not posting anything for the last three months, I haven’t abandoned the blog nor my desire to try new things in the field of malware analysis. Whilst not blogging, I have had some thoughts about what I’d like to blog about should I once again find enough time to do so.
‘Remember the days of the old school yard?’ Or rather of the old school computer lab. Now that I’ve got this blog thing going, I couldn’t let the 6th of March go by without reminiscing about the Michelangelo virus, and rambling on about viruses ‘back when I was a lad’.
Since attacks often involve trying to run a shell on a remote host, usually by exploiting a vulnerability in a network service, why don’t we get the shell to log some pertinent information when it starts up? Information that will both alert us to the fact, and identify which potentially compromised process started it.
Like Men at Work once asked, ‘Who can it be knocking at my door?’ The smashed glass window next to the door probably suggests that when they knocked, they not only missed the door but also knocked a bit harder than was necessary to get someone’s attention. Unfortunately it’s not just an attempt at a witty opening, but a lead-in to a story about a physical break-in that occurred at a friend’s workplace. I likened it to an APT in IT, and used it as an excuse to use IT to help with physical security — cue the ZoneMinder software.
If your computer, mobile phone, or any other piece of I.T. equipment starts behaving differently, then it is probably wise to investigate further, as it could indicate a malware infection. I remembered this lesson on Friday when I was left stranded by the side of the road, due to car trouble, after ignoring what I suspect, with hindsight, was a subtle change in my car’s behaviour.
‘Self Modifying Code: Changing Memory Protection’ described how self-modifying code first needs to add write permissions to the memory page(s) before it can modify the code. There is another way of creating self-modifying code which doesn’t require a call to VirtualProtect() — modify the characteristics of the .text (code) section in the EXE file.