Security through explanation
Additions Added the Azorult loader stages article to the Malware analysis chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Previously, I wrote about my joint research with Jacob Pimental regarding two ticket resellers that were infected with a credit card skimmer. Based on the domain name of the skimmer’s gate (opendoorcdn[.]com) and URLScan, Jacob and I found 9 more infected webshops. Some of them are still linking to the skimmer’s domain at the moment … Read more
First and foremost I’d like to thank Jacob Pimental since he posted the initial lead, after which we joined forces to dive into this case. In his now deleted Tweet, he asked if anybody could help out with a potential credit card skimmer on the OlympicTickets2020 website. Background information Before diving into this case, I’ll … Read more
Additions The analysis of a Linux based DDoS tool named Corona has been added to the malware analysis chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Additions A new article has been added in the Binary types chapter, named Browser plug-in. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Additions A new article has been added in chapter 4, regarding the analysis of the Emotet banking trojan. Updates Two new books have been added to the resources: the C Programming Language (written by Brian W. Kernighan and Dennis M. Ritchie) and Practical Malware Analysis (written by Michael Sikorski and Andrew Honig). To contact me, … Read more
Additions A new article has been added in chapter 4, regarding the analysis of a malicious LNK dropper To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Additions A new article has been added in chapter 4, regarding the analysis of an obfuscated Powershell sample To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Additions A new article has been added in chapter 4, regarding the analysis of an Android SMS stealing sample Updates Fixed a mistake in the Crash course based on the feedback of noxosd To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Additions A new article has been added in chapter 4, regarding the analysis of a Dot Net RAT Updates Altered the Android file types article to clarify the codebase section based on the feedback of GuyWizStupidComments To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on … Read more