Max Kersten

Security through explanation

Month: January 2020

Pivoting on the skimmer’s domain name

27/01/2020, 03/02/2020 by libra

Previously, I wrote about my joint research with Jacob Pimental regarding two ticket resellers that were infected with a credit card skimmer. Based on the domain name of the skimmer’s gate (opendoorcdn[.]com) and URLScan, Jacob and I found 9 more infected webshops. Some of them are still linking to the skimmer’s domain at the moment …

Categories: Malware Analysis, Responsible Disclosure

Ticket resellers infected with a credit card skimmer

20/01/2020, 08/07/2020 by libra

First and foremost I’d like to thank Jacob Pimental since he posted the initial lead, after which we joined forces to dive into this case. In his now deleted Tweet, he asked if anybody could help out with a potential credit card skimmer on the OlympicTickets2020 website.

Background information

Before diving into this case, I’ll …

Categories: MageCart, Malware Analysis, Responsible Disclosure
