Practical Malware Analysis: LAB 1

LAB 1-1: Files: Lab01-01.exe: bb7425b82141a1c0f7d60e5106676bb1, Lab01-01.dll: 290934c61de9176ad682ffdd65f0a669 (MD5). Answers: 1. Upload the files to http://www.virustotal.com and view the reports. Does either file match any existing antivirus signatures? 2. When were these files compiled? 3. Are there any indications that either of these files is packed or obfuscated? If so, what are these indicators? 4. Do any imports hint […]

My presentation about ransomware

Ransomware is a malware/malicious software program designed to block or disable access to the data on your computer. The program displays a full-screen message claiming that all files/programs have been blocked or encrypted. It demands a ransom, to be paid within a specific time, in order to decrypt/restore access. I try in my presentation […]

Exploit for CVE-2015-1427, Elasticsearch Unauthenticated Remote Code Execution

Description: The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. POC code: http://jordan-wright.com/blog/2015/03/08/elasticsearch-rce-vulnerability-cve-2015-1427/ Shodan: Exploit: Recommendations: https://nvd.nist.gov/vuln/detail/CVE-2015-1427

Zabbix – SQL Injection

Zabbix is an enterprise-class open source distributed monitoring solution. Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. Vulnerability Overview: Zabbix suffers from a remote SQL injection vulnerability in the jsrpc.php page or api_jsonrpc.php page […]

This Map Shows the UK’s Surveillance Exports

The UK is a worldwide exporter of surveillance technology, from devices that hoover up phone calls and text messages to hardware for monitoring internet traffic. “The transfer of these technologies cannot be divorced from human rights concerns,” Matthew Rice, advocacy officer at UK activist group Privacy International, told Motherboard in an email. “The use of […]

MongoDB and ransomware attacks

Learning that tens of thousands of MongoDB databases have been compromised and held hostage by ransomware is both startling and worrisome. Groups of attackers have adopted a new tactic that involves deleting publicly exposed MongoDB databases and asking for money to restore them. The number of affected databases has risen from hundreds to more than 10,000. […]