Extracting BitLocker keys with Volatility (PoC)
**Update 2016-03-13:**There is more detail, including a link to a plugin for Volatility in the more recent articleRecovering BitLocker Keys on Windows 8.1 and 10 [https://tribalchicken.com.au/technical/recovering-bitlocker-keys-on-windows-8-1-and-10/] . This article is mainly to document a proof-of-concept Volatility plugin to extract the Full Volume Encryption Key (FVEK) from a memory dump… continue reading
Automated Malware Analysis: mail server -> Cuckoo, V2.0
Quite some time ago I slapped together a couple of scripts to submitquarantined attachments from my mail server to Cuckoo (Article here [https://tribalchicken.com.au/informational/automated-malware-analysis-mail-server-cuckoo/] ). I have finally found time to re-write this to use a Postfix content filter: extracting any attachments from an email processed by Postfix, then submitting to Cuckoo… continue reading
Maybe I should stick to software...
A story about bricking some hardware, then encasing said brick in a large concrete slab. People generally only publish their successes and with fairly good reason – For the publicity, reputation and possibly to impress prospective employers. Conversely, for the opposite reasons no-one wants to broadcast to the world “Actually… I failed miserably at something.” I… continue reading
CryptoWall spreading via HT Flash 0-day
Well that didn’t take long. UPDATE 1: Chromes Sandboxing may be a useful defence [https://twitter.com/j0echip/status/618173361651322880]. UPDATE 2: Adobe have released a patch: https://www.adobe.com/products/flashplayer/distribution3.html ACTION REQUIRED: Update your Flash player now! Disable Flash unless required, uninstall Flash completely or set Flash as click-to-play… continue reading
CryptoWall 3.0 + Fareit / Pony Combo
In this article I’m taking a look at the recent malware double-whammy of CryptoWall 3.0 and Fareit (or Pony, depending on classification). This is a rather potent combination which will encrypt all your data on your PC, as well as steal information such as passwords and BitCoin wallets. Note: At this point I… continue reading