Author Archives: darryl

A Quick Peek at Network Injection

Like many of you, I’ve been looking at the various NSA document leaks to see what kind of tools and techniques are being used. I suppose these releases will give cybercriminals new ideas and we will see some of these …

Posted in Pentest, Tools

Wild Wild West – 07/2014

Added the following packs: RIG Exploit Kit, Niteris aka “CottonCastle”, and “Snet”. Special thanks to Kafeine for his valuable input.

Posted in Exploit Packs

Reversing a PHP Script Dynamically and Statically

A reader sent me two PHP scripts because the PHP Converter program I wrote wasn’t able to handle them. They are both similar so I’ll just work on one of them in this post. Here’s what it looks like: And …

Posted in Malscript, Tools

Deobfuscating PHP Scripts

Occasionally people send me PHP scripts and ask me to help analyze them. Most of the time, it’s simply unescaping the script and finding the right variable to echo. I got two tricky ones within the past couple of months and finally …

Posted in Malscript, Tools

Reversing RIG EK’s Flash File

VirusTotal is showing 0 out of 51 for RIG EK’s SWFIE exploit (MD5: 65AFF3A3774298B3ED5BA2C43F8A1979). Here’s a really quick overview on how to reverse this exploit file so we can determine which vulnerability it’s using. This method can also be used …

Posted in Exploit Packs, Malscript, Tools