Author Archives: darryl

Webshell with a Booby Trap

I came across three interesting PHP scripts that were presumably dropped by the same attacker. Perhaps this is old news but it’s something new to me. Here’s the first one which looks innocent enough. However, if you put in the … Continue reading

Posted in Malscript

Converter Updated

The latest version includes several new features which I’d like to highlight here: Enhanced Range Search/Replace The feature can be found by going to this menu item under Tools: You can now add incrementers as a text replacement as seen … Continue reading

Posted in Malscript, Tools

Malicious Word Macro Caught Using Sneaky Trick

There has been a slew of malicious Word documents attached to email purporting to be invoices, receipts, etc. This particular one caught my eye but I’m not sure if this is an old trick. I just haven’t seen this method … Continue reading

Posted in Malicious Email, Malscript

Deobfuscating a Wicked-Looking Script

Bart Blaze, one of my security researcher friends, passed along this PHP script to me. Let’s have a look. It looks like PHP ate some Perl and barfed it out. First thing I asked myself is, “does this even run?” … Continue reading

Posted in Malscript

Revelo Updated

A colleague of mine received the following email in their Gmail in-box and wondered how it got past their filters and what it does. What almost tricked him was the fact that it called out his name. Only after looking … Continue reading

Posted in Malicious Email, Malscript, Tools