Previous posts in this series have demonstrated how unpack.py, when used on a CryptoLocker variant, extracts the malicious PE file injected in to explorer.exe, and how it can also be used to analyse the injected PE file. This post demonstrates how unpack.py can now be used to analyse our CryptoLocker variant’s network communications by dumping the cleartext traffic sent over its HTTPS connections.
Seeing an increase in MySQL attacks hitting your network and interested in knowing more about them? This post follows on from the previous post which discussed how to run a Cuckoo Sandbox analysis of a MySQL attack.
This post starts analysing the results and notices an issue with a particular malware trait and Cuckoo (v0.4.2). Awfully gripping stuff — I was on the edge of my seat, but then that could be because my table was too far away from my chair. Continue Reading
Seeing an increase in MySQL attacks hitting your network and interested in knowing more about them? This post discusses how to run the attack within the Cuckoo Sandbox. Subsequent posts will analyse the results.
It’s nice to use dynamic analysis to corroborate the findings from static analysis, but what if you face an SQL attack? What if the attack caused the MySQL server to drop an executable file and pass control to it, or if the attack was exploiting a remote code execution vulnerability? I developed a Cuckoo package, misql.py, to allow me to dynamically analyse some of the effects of MySQL attacks. Continue Reading