Presented by Tim
Follow me on Twitter
Following on from the malware I investigated earlier in the month, my friend gave me further files to continue working out what the function of the malware was. See part 1 here. All analysis was performed on a virtual machine and only details which could have identified the victim have been removed.
What I was given
The first thing he pointed out was that there was over 50MB of the infection.
Presented by Tim
Update - Part 2
I was asked earlier this week by a friend to have a look at some malware, which had been uncovered on a compromised computer. I didn’t ask where it had come from, or indeed the host environment. Having programmed in PHP since university, and with malware analysis being kind of a hobby, I thought I would give it a go.
Presented by Paul
Useful Pages for the crypto challenges
Dcode
Dcode.fr is a really cool website with lots of different tools to help with decoding of various cryptography
CyberChef
CyberChef is a tool that you can use to encode and decode things into all sorts of different formats; it’s a really great tool and you should check it out!
There also seems to be a Twitter account that will post more clues
Presented by Tim
Soon …
Presented by Paul W
Introduction
Tonight I thought I’d have a go at a box on VulnHub. The box I picked was a fairly recent one, as I wanted to ease myself back into doing some CTFs - I’ve been a bit busy doing other things recently. Anyway, I chose the box Bob:1.0.1; it sounded fairly simple:
“Your Goal is to get the flag in / Hints: Remember to look for hidden info/files”
Presented by Tim
Introduction
This is a follow-up article to Paul W’s write-up about M1 Con’s mobile CTF. In the article, Paul mentioned CyberChef, and it was a quick way of solving the challenge.
Since CyberChef wasn’t covered, and may provide a quicker solution for future CTF challenges, I decided to describe it here.
What is CyberChef?
CyberChef was developed by GCHQ to quickly perform certain operations on inputs.
Presented by Paul W
Introduction
Last night I went to the meetup group “M1 Con” hosted by Digital Interruption and Outsource UK Ltd.
Jay Harris gave a talk about mobile security - it wasn’t super technical, but it highlighted the fact that clearly security is still a bit of an afterthought, especially when it comes to mobile development - he cited examples of issues that crop up in mobile devices that were fixed in web apps (XSS vulnerabilities for example) long ago.
Written by Tim
My “Weird” Path to Infosec
This article was inspired in part by the growing number of people tweeting about their infosec journeys. As mine is a little long, I thought I would blog about it, rather than tweet.
It is well established that I am reasonably old. Not massively old, just reasonably. Apparently, I am a member of a generation which is called the Xennials. I had an analogue childhood and now live in a digital time.
Written by Rob
Whilst analysing a number of free communication-based applications on the Google Play Store, I took a look at WiFi Baby Monitor: Free & Lite (the free version of WiFi Baby Monitor). Although the premium version offered users the ability to specify a password to be used in the pairing process, the free version offered no such function.
Monitoring the traffic using Wireshark during the pairing process revealed:
Written by Rob
What I Am Writing About
Unlike most things I publish, this isn’t going to focus on how I came to find a vulnerability, but rather the problems I had trying to disclose it, and things that I could have approached better, in the hope it may help other people in the future if faced with being a small fish in a big pond which is trying to approach a larger organisation, who have few technical staff.