Author Archives: darryl

A Quick Peek at Network Injection

Like many of you, I’ve been looking at the various NSA document leaks to see what kind of tools and techniques are being used. I suppose these releases will give cybercriminals new ideas and we will see some of these …

Posted in Pentest, Tools

Wild Wild West – 07/2014

Added the following packs: RIG Exploit Kit; Niteris aka “CottonCastle”; “Snet”. Special thanks to Kafeine for his valuable input.

Posted in Exploit Packs

Reversing a PHP Script Dynamically and Statically

A reader sent me two PHP scripts because the PHP Converter program I wrote wasn’t able to handle them. They are both similar so I’ll just work on one of them in this post. Here’s what it looks like: And …

Posted in Malscript, Tools

Deobfuscating PHP Scripts

Occasionally people send me PHP scripts and ask me to help analyze them. Most of the time, it’s simply unescaping the script and finding the right variable to echo. I got two tricky ones within the past couple of months and finally …

Posted in Malscript, Tools

Reversing RIG EK’s Flash File

VirusTotal is showing 0 out of 51 for RIG EK’s SWFIE exploit (MD5: 65AFF3A3774298B3ED5BA2C43F8A1979). Here’s a really quick overview on how to reverse this exploit file so we can determine which vulnerability it’s using. This method can also be used …

Posted in Exploit Packs, Malscript, Tools