Become The Malware Analyst Series: PowerShell Obfuscation Shellcode

August 20, 2020
In this second installment of the ‘Become a Malware Analyst Series,” Principal Incident Response & Research Consultant Scott Nusbaum focuses on PowerShell obfuscation by analyzing a PowerShell sample that was identified during an incident response. Scott will also touch on methods and tools to identify common Metasploit function hashes.

Become The Malware Analyst Series: Malicious Code Extraction and Deobfuscation

July 7, 2020
In this video, Senior Incident Response & Research Consultant Scott Nusbaum demonstrates a method to extract and deobfuscate code from a malicious document. Upon rendering the code readable, Nusbaum works to gain an understanding of the goals the malware was attempting to accomplish and the processes by which it undertook that effort. This video is...

Access Locked Files With TScopy

June 11, 2020
Wanted: TScopy Tool Testers GitHub Repo https://github.com/trustedsec/tscopy Introducing TScopy It is a requirement during an Incident Response (IR) engagement to have the ability to analyze files on the filesystem. Sometimes these files are locked by the operating system (OS) because they are in use, which is particularly frustrating with event logs and registry hives. TScopy...

Detecting CVE-2020-0688 Remote Code Execution Vulnerability on Microsoft Exchange Server

February 28, 2020
Microsoft recently released a patch for all versions of the Microsoft Exchange server. This patch fixes a Remote Code Execution flaw that allows an attacker to send a specially crafted payload to the server and have it execute an embedded command. Researchers released proof of concept (POC) exploits for this vulnerability on February 24, 2020....
holiday phishing graphic

Holiday Phishing: Office 365

November 15, 2018
  It’s that time of year again, Merry Phishmas!! Holidays are the prime time of the year for attackers to send Phishing campaigns. Whether you are looking for the best deal on Black Friday, the best Christmas gift for that special family member, or a Holiday greeting from employees, employers, or costumers, there are plenty...
Dumping Embedded Java Classes graphic

Dumping Embedded Java Classes

September 6, 2018
A few months ago, I came across a piece of Java malware. This was a nice change of pace for me, since most of what I see is written in C/C++. The malware was heavily obfuscated using a common tool, Allatori v5.3. After working my way manually through decoding, I came to a point where...
  • Browse by Category

  • Clear Form