Author Archives: darryl

Deobfuscating a Wicked-Looking Script

Bart Blaze, one of my security researcher friends, passed along this PHP script to me. Let’s have a look. It looks like PHP ate some Perl and barfed it out. The first thing I asked myself was, “does this even run?” …

Posted in Malscript

Revelo Updated

A colleague of mine received the following email in their Gmail inbox and wondered how it got past their filters and what it does. What almost tricked him was the fact that it called out his name. Only after looking …

Posted in Malicious Email, Malscript, Tools

Wild Wild West – 12/2014

Added the following packs: Null Hole, “Hanjuan EK”, “Archie EK”, “Astrum EK”, “SedKit”, “SPL2 Pack”. Special thanks to Kafeine for his valuable input.

Posted in Exploit Packs

Registry Dumper – Find and Dump Hidden Registry Keys

The cybercriminals behind Poweliks implemented two clever techniques in their malware. The first was leveraging rundll32.dll to execute JavaScript, and the second was using a method to hide/protect their registry keys. I’ll be focusing on the second method. The technique …

Posted in Malscript, Tools

Securing KeePass with a Second Factor

Cybercriminals are now stealing password managers, so it’s time to make them more secure. You can check out this article for details about how it’s being done. I wrote this up as a guide to help friends secure their password …

Posted in Awareness