Author Archives: darryl

Detecting Phishing Sites in Your Logs

I recently read the Anti-Phishing Working Group’s 2Q 2014 report and saw the number of unique phishing sites. I then compared the numbers with the previous year. After more than 10 years of phishing it’s still around, and growing! Back …

Posted in Tools

A Quick Peek at Network Injection

Like many of you, I’ve been looking at the various NSA document leaks to see what kind of tools and techniques are being used. I suppose these releases will give cybercriminals new ideas and we will see some of these …

Posted in Pentest, Tools

Wild Wild West – 07/2014

Added the following packs: RIG Exploit Kit, Niteris aka “CottonCastle”, and “Snet”. Special thanks to Kafeine for his valuable input.

Posted in Exploit Packs

Reversing a PHP Script Dynamically and Statically

A reader sent me two PHP scripts because the PHP Converter program I wrote wasn’t able to handle them. They are both similar so I’ll just work on one of them in this post. Here’s what it looks like: And …

Posted in Malscript, Tools

Deobfuscating PHP Scripts

Occasionally people send me PHP scripts to help them analyze them. Most of the time, it’s simply unescaping the script and finding the right variable to echo. I got two tricky ones within the past couple of months and finally …

Posted in Malscript, Tools