Become The Malware Analyst Series: Malicious Code Extraction and Deobfuscation

July 7, 2020

In this video, Senior Incident Response & Research Consultant Scott Nusbaum demonstrates a method to extract and deobfuscate code from a malicious document. Upon rendering the code readable, Nusbaum works to gain an understanding of the goals the malware was attempting to accomplish and the processes by which it undertook that effort. This video is…

hunting for meaning blog post graphic

Indicators of Compromise – Hunting for Meaning (Part 1)

April 9, 2019

By the time an Incident Response consultant is contacted, the security event in question is already in motion. So, the goals become: rapid triage, assist in identifying the related threat risks, and make every effort to identify the threat actors involved. Attribution is very difficult when dealing with seasoned and well-funded threat actors, but it…

Adventures of an RDP Honeypot: Part 2 graphic

Adventures of an RDP Honeypot – Part Three: Creation of an RDP Honeypot

February 1, 2019

Welcome to the third and final part of the blog series on the RDP honeypot that I set up. The first part took a look at RDP and how it can be better secured, while the second post analyzed what the attackers did once they got into the honeypot. In this post I’ll talk about…

Adventures of an RDP Honeypot: Part 2 graphic

Adventures of an RDP Honeypot – Part Two: Know Your Enemy

January 28, 2019

Welcome to part two of the three-part series on the Remote Desktop Protocol (RDP) honeypot I set up. In the first post, I discussed ways that RDP can be configured to be more secure (and how you should NEVER put it on the Internet). In this part, I’ll talk about what happened when my honeypot…

Adventures of an RDP Honeypot: Part 2 graphic

Adventures of an RDP Honeypot – Part One: RDP Security

January 25, 2019

Over the last several months, TrustedSec has noticed a common thread in the root cause of incidents we’ve investigated: Microsoft Remote Desktop Protocol (RDP) open to the Internet. RDP on the Internet is a very bad idea. Attackers are constantly searching for, and breaking into, systems set up in this way. Once in, they can…

cartoon cat

Enumerating Anti-Sandboxing Techniques

June 19, 2018

Fighting/writing malware is very much a cat and mouse game. One of several techniques used by Anti-Virus/EDR solutions is to detonate payloads in a sandbox and watch what happens. To combat this, malware writers (and pentesters) have been including checks in their payloads to identify when running in a sandbox to evade detection. However, these…


Malware Analysis is for the (Cuckoo) Birds – Working with Proxmox

May 29, 2018

For quick access to the repo, click here. This post will be on how to setup and modify Cuckoo to work with a non-supported hypervisor, Proxmox. “Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization that tightly integrates KVM hypervisor and LXC containers, software-defined storage and networking functionality on a single platform, and…

Debian logo graphic

Malware Analysis is for the (Cuckoo) Birds – Cuckoo Installation Notes for Debian

May 18, 2018

Cuckoo is written in the programming language Python and utilizes multiple Python libraries. First step is to verify that these libraries are in place and up to date. Cuckoo’s Documentation does a good job of listing the commands, but can be confusing. The following will outline the commands needed to install Cuckoo and provide a…

cuckoo logo

Malware Analysis is for the (Cuckoo) Birds

May 18, 2018

There are many different options for malware analysis sandboxes. Most involve submitting samples to an online sandbox and getting a report back. While for the most part this is great, the reports contain the basic information on the type of malware and if it has been seen before. BUT what if you want to know…

close up of penguin

Malware: Linux, Mac, Windows, Oh My!

April 26, 2018

While going through APT write-ups, I’ve been noticing a lot of focus on detecting Windows malware, so we will skip over that. One thing that I haven’t seen much of online, though, is how to hunt for adversaries on Linux systems. For that reason, this blog post will be all about how you can look…

  • Browse by Category

  • Clear Form