Channel: Andre' M. DiMino -SemperSecurus
Browsing all 12 articles

Welcome to the 'SemperSecurus' blog

Welcome to my new blog! In this space, I'll be posting various items pertaining to information security, digital forensics, malware / botnet analysis, and e-crime studies. I'll also post on anything of...

Using "volatility" to study the CVE-2011-0611 Adobe Flash 0-day

I recently had the opportunity to collaborate with Mila Parkour from Contagio in her research of the recent Adobe Flash 0-day (CVE-2011-0611). During this research, I utilized some basic memory...

Coreflood botnet - Detection and remediation

On April 13, 2011, the FBI and the Dept. of Justice announced that they had received a temporary restraining order allowing them to disable the Coreflood botnet. Coreflood is believed to have had over...

Malware Sandbox Services and Software

Whether you are performing digital forensics, or just have an interest in malware, a sandbox environment is an essential part of your analysis program. Sandboxing services can save time and provide a...

I2P...The *other* Anonymous Network

One of the more interesting aspects of the Internet is the area of anonymity and hidden services. While many people are familiar with the Tor network, there is another "network" that is gaining...

Welcome to DeepEnd Research

I wanted to provide a link to another effort I am pleased to be involved in: DeepEnd Research. From the website: "We are pleased to introduce DeepEnd Research, an independent information security...

Decoding malware SSL using Burp proxy

When performing dynamic analysis of malware, you will occasionally encounter SSL being utilized for network communication, thus preventing you from analyzing the content. Typically Wireshark is...

Sharing of Forensically Interesting Objects

As I go through various forensic cases and malware studies, I often find myself producing memory dumps of the host systems under examination. I also dump registry hives and other objects related to my...

Cridex Analysis using Volatility

Update 1 - August 5, 2012 - located at end of post
Update 2 - August 7, 2012 - located at end of post

I had read previous analysis reports about Cridex from various sites such as M86 Security and Kahu...

Analyzing Malware? Don't forget to disable Windows Defender

Life's been pretty busy this past year. In December 2012, I started at GWU on their security team, and in April of 2013, my father passed after a long and difficult illness. So even though I've...

A Forensic Overview of a Linux perlbot

It's fairly old news that exploit attempts against PHP, ColdFusion, and Content Management Systems are quite common these days. Most of these attempts target old vulnerabilities, hoping to hit enough...

Another look at a cross-platform DDoS botnet

I learned from a recent "Malware Must Die" post about a Linux malware sample that is associated with DNS amplification attacks.  As mentioned in the MMD post, several researchers have posted on this,...
