Submitted by Jason.Upchurch on Mon, 2011-10-24 18:17
In a continued effort to create some entry level examples to promote malware analysis education, I have created some unpacking examples that are not malware. Some examples do contain malware-like code, but it is crippled (dead IP addresses, not persistent, and so on).
Click the read more link at the bottom of the story. Download the zip file with our little program that has been packed with a few different packers. Try to unpack them BEFORE watching the video. The video below is the solution to the problem, so it is there to help you if you get stuck.
Submitted by Jason.Upchurch on Tue, 2012-05-01 00:15
Hey Gang!
Here are some academic oriented malware analysis papers that I am referencing for my PhD. Included, for a very limited time, is a paper called Jesse.pdf. This paper is a PDF that is infected with an old Adobe exploit. It will attempt to connect to a local IP, so shouldn't get loose.
Submitted by Jason.Upchurch on Fri, 2011-11-04 17:01
I am not accepting new accounts without a personal email request (spam is really heavy and I don't have time to resolve it myself). If you would like an account to comment, ask questions, contribute, etc. please send me a request. If you don't know my personal email account, take a look in the forums under the administration section of the forum.
Thanks,
Jason
Submitted by Jason.Upchurch on Wed, 2011-08-17 01:45
I have been sifting through the horror of my inbox and trying to catch up following last week's GFIRST conference. For those that took my Introduction to Malware Analysis: Manual Unpacking course on Sunday and Monday, I will be making the videos of the problems and posting per the directions I gave you in class. I have your email addresses as well and will send the instructions to you.
Submitted by Jason.Upchurch on Fri, 2011-02-04 18:56
Well, the DoD Cyber Crime Conference is over. Malware seemed to be the topic of the year and I was in that boat presenting two “mini” classes on Interactive Malware Analysis. In common speak that is “static analysis,” but using a debugger is anything but static. The classes were “Introduction to Malware Analysis with Immunity” and “Introduction to Manual Unpacking with Olly/Immunity.” Both were condensed excerpts from my one week course.
Submitted by Jason.Upchurch on Tue, 2009-11-10 18:00
I would like to thank everyone that attended the malware class last week. Mike and I really enjoyed giving the course as we are passionate about the subject. As I said in the class, the VM is available at ftp.cyber4.us with the user name and password provided in the class. The VM is as it was prior to any work (infections) occurring. I am also hopeful that we will be able to post the solutions to many of the examples we used in the class. If we can make some videos of the solutions they will be posted here, else there will be a note to check the ftp site.
Thanks,
Jason Upchurch
Submitted by Jason.Upchurch on Fri, 2008-09-12 23:58
In the previous installments, I have talked about the general concept of RAID and how it is not really standardized. We broke RAID down into 4 main groups: left symmetrical, left asymmetrical, right symmetrical, and right asymmetrical. Of course, if that was all there was to it, it wouldn't be such a hassle to reconstruct failed RAID arrays. To that end, I spoke about parity levels and that the number of disks doesn't necessarily have to be equal. This can complicate matters a bit in the reconstruction process.
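The four rotation layouts named above, as an added example that is not part of the original post. The code assumes the usual convention: "left" means the parity block rotates one disk to the left on each stripe starting from the last disk, "right" means it starts on the first disk and rotates right, "symmetric" means data continues on the disk after parity and wraps around, and "asymmetric" means data fills the disks in order and simply skips the parity disk. The block and disk contents are constructed sample data; the functions lay logical blocks onto an array, rebuild a failed disk by XOR of the survivors, and read the data back, which also shows that reading with the wrong layout guess returns the blocks in the wrong order.

```python
"""RAID 5 rotation layouts and XOR rebuild of one failed disk (added example)."""
from functools import reduce

# Layout names follow the left/right x symmetric/asymmetric convention (assumption).
LAYOUTS = ("left-symmetric", "left-asymmetric", "right-symmetric", "right-asymmetric")


def parity_disk(stripe, ndisks, rotation):
    """Disk index holding parity for a given stripe number."""
    if rotation == "left":
        return (ndisks - 1 - stripe) % ndisks   # starts on last disk, moves left
    return stripe % ndisks                      # starts on first disk, moves right


def stripe_map(stripe, ndisks, layout):
    """Per-disk contents of one stripe: 'P' for parity, else the logical block number."""
    if layout not in LAYOUTS:
        raise ValueError(layout)
    rotation, symmetry = layout.split("-")
    p = parity_disk(stripe, ndisks, rotation)
    base = stripe * (ndisks - 1)                # logical blocks carried per stripe
    slots = [None] * ndisks
    slots[p] = "P"
    if symmetry == "asymmetric":
        order = [d for d in range(ndisks) if d != p]              # in order, skip parity
    else:
        order = [(p + 1 + i) % ndisks for i in range(ndisks - 1)]  # start after parity, wrap
    for i, d in enumerate(order):
        slots[d] = base + i
    return slots


def xor_blocks(blocks):
    """Bytewise XOR of equally sized blocks (RAID 5 parity)."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def build_array(data_blocks, ndisks, layout):
    """Distribute logical blocks over ndisks disks; returns one list of blocks per disk."""
    per_stripe = ndisks - 1
    nstripes = -(-len(data_blocks) // per_stripe)
    padded = data_blocks + [bytes(len(data_blocks[0]))] * (nstripes * per_stripe - len(data_blocks))
    disks = [[] for _ in range(ndisks)]
    for s in range(nstripes):
        slots = stripe_map(s, ndisks, layout)
        row = [None if x == "P" else padded[x] for x in slots]
        row[slots.index("P")] = xor_blocks([b for b in row if b is not None])
        for d in range(ndisks):
            disks[d].append(row[d])
    return disks


def rebuild_disk(disks, missing):
    """Regenerate the failed disk: each stripe's block is the XOR of the surviving blocks."""
    survivors = [d for i, d in enumerate(disks) if i != missing]
    return [xor_blocks(row) for row in zip(*survivors)]


def read_logical(disks, layout, block):
    """Fetch logical block number `block` according to the assumed layout."""
    ndisks = len(disks)
    s = block // (ndisks - 1)
    slots = stripe_map(s, ndisks, layout)
    return disks[slots.index(block)][s]


def recover(disks, layout, nblocks, missing=None):
    """Rebuild the missing disk (if any) and read back the first nblocks logical blocks."""
    disks = list(disks)
    if missing is not None:
        disks[missing] = rebuild_disk(disks, missing)
    return [read_logical(disks, layout, k) for k in range(nblocks)]


if __name__ == "__main__":
    sample = [bytes([65 + i]) * 4 for i in range(9)]      # constructed: b"AAAA", b"BBBB", ...
    disks = build_array(sample, 4, "left-symmetric")
    disks[1] = None                                        # simulate disk 1 failing
    print(recover(disks, "left-symmetric", 9, missing=1) == sample)   # correct layout guess
    print(recover(disks, "left-asymmetric", 9, missing=1) == sample)  # wrong layout guess
```

The rebuild itself does not depend on the layout guess, because parity is the XOR of the other blocks in the stripe wherever it sits; the layout only matters when you try to read the data back in logical order, which is exactly where reconstruction of an array with unknown geometry goes wrong.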
Submitted by Dave.Hawkins on Fri, 2008-09-12 00:19
*** NOTE: URLs cited (but not linked to) in this article may contain malware that could harm your computer or encourage you to give money away for nothing in return. Please be cautious when browsing to any address not explicitly linked to!
I would like to take a few minutes to review an in-depth article by The Register (Anatomy of a Hack). Specifically I want to focus on the areas that were well executed and areas that create vulnerabilities to the hacker's objectives.
Submitted by Dave.Hawkins on Thu, 2008-09-11 10:33
The Plea
Over the last 6 years that I've been involved with computer forensics/computer security I regularly reflect on the lack of open standards for handling digital evidence. Can we please, as a community, make a grassroots decision to standardize our imaging on a common format?
The Problem
Submitted by Dave.Hawkins on Wed, 2008-09-10 14:44
When approaching computer forensics I try to put myself in the shoes of the subject of the case. In intrusions I try to think like the attacker... This is the inaugural post of a tag series I'll call mindset. During this series I'll try to uncover the thought process behind different types of hackers and show how understanding their individual nuances can increase your proficiency in examining intrusions.
In this post I reveal the base principle I use in examining an intrusion:
General Theory of Laziness