Security through explanation
Additions Added the Automatic ReZer0 payload and configuration extraction article to the analysis scripts chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Additions Added the ReZer0v4 loader article to the malware analysis chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Additions Added the JavaScript string concatenation deobfuscation article to the analysis scripts chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
MageCart groups have been roaming around for a while, infecting web shops left and right. Researchers have looked into the technical aspects of the skimmers, as have I. The recent COVID-19 pandemic opened up the playing field even further, which both criminals and researcher saw. Malwarebytes’ Jérôme Segura reported that there was a 26% increase … Read more
Additions Added the Emotet JavaScript downloader article to the Malware analysis chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Additions Added the Azorult loader stages article to the Malware analysis chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Previously, I wrote about my joint research with Jacob Pimental regarding two ticket resellers that were infected with a credit card skimmer. Based on the domain name of the skimmer’s gate (opendoorcdn[.]com) and URLScan, Jacob and I found 9 more infected webshops. Some of them are still linking to the skimmer’s domain at the moment … Read more
First and foremost I’d like to thank Jacob Pimental since he posted the initial lead, after which we joined forces to dive into this case. In his now deleted Tweet, he asked if anybody could help out with a potential credit card skimmer on the OlympicTickets2020 website. Background information Before diving into this case, I’ll … Read more
Additions The analysis of a Linux based DDoS tool named Corona has been added to the malware analysis chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Additions A new article has been added in the Binary types chapter, named Browser plug-in. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.