Channel: Reversing Malware
Browsing all 19 articles

What is this blog about?

Welcome to the internetopenurla.blogspot.com. The idea for this blog came out of a desire to show people, step by step, how to successfully reverse malware to fully understand its capabilities and...




Intro to Static Analysis Part 1

This is Part 1 of our Intro to Static Analysis. There are a number of schools of thought on how to approach reversing malware. Some people jump right into dynamic analysis in an effort to quickly learn...


Intro to Dynamic Analysis Part 1

Curt has covered static analysis quite well and briefly mentioned dynamic analysis. At this point you are probably wondering what is dynamic analysis? Simply put, it is the act of running the code and...


Dynamic Analysis part 2

Welcome to the second installment of the dynamic analysis section of our blog. In the last post, I discussed why you should use a VM solution and made some recommendations on choosing one. In this...


Intro to Static Analysis Part 2

This week I plan to go a bit more in detail on each of the steps from last week. I was going to get into deeper items such as using disassemblers and such, but I will go there in the next two posts. I...


Intro to Static Analysis Part 3

In this post I'm going to introduce you to IDA Pro. This is a disassembler application that is commonly used in the reverse engineering field. There are many other applications like this, but if you...


Sample Analysis 1

I apologize for not posting a primer on OllyDBG. Things are pretty busy with work and life. I know that's not a good excuse but it's all I got :). In the meantime, here is a link to the sample we are...


Sample Analysis 1 Static Results

The following are the static analysis details that I found with the Sample Analysis 1 binary that we posted previously. If you have done static analysis of this file as well, follow along and see if you...


Sample Analysis 1: Dynamic Analysis

For this portion of the analysis, I began by loading and taking a snapshot of my Windows XP VM. The snapshot will allow me to revert later to a clean state. Next I started up Regshot to take a baseline...


Sample Analysis 2: Dynamic Analysis

Based on demand, we are going to start posting samples that we analyze to offensivecomputing.net so everyone can download the sample even if the site or system that we grab it from has been taken down....


Analysis of facebookmessenger malware

In this latest analysis, I will be analyzing a recent piece of malware called the facebook messenger. This piece of malware has received some recent press, which to me makes it even more interesting to...


Changing the Blog format

We have found, as many probably have that venture into blogging, that it can be hard to keep up with new posts. With that in mind, we have decided to change the way we are doing things. We will still...


SANS Malware Analysis Challenge

I am working on a talk to present at the NoVA Hackers August meeting. I will be posting the slides and a link to the video on the blog once the talk is complete. The subject is on how to utilize Indicators...



NoVAH Hackers Talk

I would like to thank everyone at NoVAH hackers for having me tonight. I had a great time and learned some good things. For those who couldn't make it, or those that were there and want the slides, I am...


To APT or not?

McAfee recently discovered a widespread series of exploits that they are calling Operation Shady Rat (http://blogs.mcafee.com/mcafee-labs/revealed-operation-shady-rat). This exploit compromised 72...



Two files with the same name!

Question: Can you create two files with the same name in a Windows directory?

Answer: http://blogs.technet.com/b/mmpc/archive/2011/08/10/can-we-believe-our-eyes.aspx

Not sure how many of you remember the...


Hopefully a revival!

Sorry we have been gone for so long. I have been way too busy at my day job. Just changed from that so I hope to get back on the wagon here soon. Stay tuned!



A little focus change

I would like to start blogging more on how to take indicators found in malware analysis and use those indicators in research to fully understand the campaign. We will still do step by step analysis of...


Just Because

I wanted to provide some new content on the blog, but I'm still finishing a big project for work. Then I will have much more play time. I'm thinking about doing a series of IDA pro usage posts to begin...
