Black Hat Arsenal peepdf Challenge 2015 writeup

At the beginning of August I saw a link on twitter by Jose Miguel Esparza, the author of peepdf tool, about a challenge he created for Black Hat Arsenal conference in USA. So reading the blog post I decided to play with the challenge and now here’s my writeup solution. I hope that you like […]

Inside a Kippo honeypot: how the billgates botnet spreads

A few months ago I decided to install a honeypot to find some new threat and to collect some new malware to be analyzed. There are several honeypot I had in mind to try, but for now I have chosen Kippo. From the Kippo’s homepage: “Kippo is a medium interaction SSH honeypot designed to log brute […]

AndroidOS.Opfake.a malware analysis

While sifting through the Clean-MX malware database I found one suspicious APK with a low detection rate (3/39 on VirusTotal), so I decided it was worth to a look at what seemed to be an OpFake variant. Clean-MX Link: http://support.clean-mx.de/clean-mx/viruses.php?id=14835516 VT Link: https://www.virustotal.com/it/file/f0a24c53a84c413175594bd8b25a9eebe3f04d6fbf944a9e88cc293d7e911944/analysis/ APK Link: OpFake (as usual password is infected) The malicious application has the […]

Morto Malware Analysis

Today we’re going to analyze Morto.A a malware which, in this weeks, is spreading in many Internet places. It’s a worm that allows unauthorized access to an infected computer and tries to compromise administrator passwords for Remote Desktop connections, through RDP protocol, on a network. Indeed this threat infecting computers by targeting accounts that have […]