Extracting BitLocker keys with Volatility (PoC)

**Update 2016-03-13:** There is more detail, including a link to a plugin for Volatility, in the more recent article Recovering BitLocker Keys on Windows 8.1 and 10 [https://tribalchicken.com.au/technical/recovering-bitlocker-keys-on-windows-8-1-and-10/]. This article mainly documents a proof-of-concept Volatility plugin to extract the Full Volume Encryption Key (FVEK) from a memory dump… continue reading

Automated Malware Analysis: mail server -> Cuckoo, V2.0

Quite some time ago I slapped together a couple of scripts to submit quarantined attachments from my mail server to Cuckoo (article here [https://tribalchicken.com.au/informational/automated-malware-analysis-mail-server-cuckoo/]). I have finally found time to re-write this to use a Postfix content filter: extracting any attachments from an email processed by Postfix, then submitting them to Cuckoo… continue reading
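The Postfix content filter that teaser describes, as an added example (not the article's own scripts): the script reads the message from stdin the way Postfix's "simple content filter" does, walks the MIME tree for attachments, posts each one to Cuckoo's REST API and re-injects the mail unchanged so delivery is never held up by the sandbox. The API location (`CUCKOO_API`), the `/tasks/create/file` endpoint and its `{"task_id": N}` reply, the `sendmail -G -i` re-injection and the embedded sample message are assumptions or constructed test data, not taken from the article.

```python
"""Postfix content filter: extract attachments, submit them to Cuckoo, re-inject the mail.

Added example, not the article's scripts. Assumed: Postfix runs this as a "simple
content filter" (message on stdin, envelope args in argv, re-injection through
/usr/sbin/sendmail -G -i) and Cuckoo's REST API at CUCKOO_API accepts multipart
uploads on POST /tasks/create/file, replying {"task_id": N}.
"""
import email.policy
import json
import os
import subprocess
import sys
import urllib.request
import uuid

CUCKOO_API = os.environ.get("CUCKOO_API", "http://127.0.0.1:8090")  # assumed location

# Constructed sample: text body plus two attachments, one with a path-traversal name.
SAMPLE_MESSAGE = b"""From: sender@example.com
Subject: Invoice
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="utf-8"

Please see attached.
--XYZ
Content-Type: application/msword; name="invoice.doc"
Content-Disposition: attachment; filename="invoice.doc"
Content-Transfer-Encoding: base64

0M8R4KGxGuE=
--XYZ
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="../../../tmp/evil.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--XYZ--
"""


def extract_attachments(raw):
    """Return [(filename, bytes, content_type), ...]; walks nested multiparts and
    treats a leaf as an attachment if it is disposition=attachment or has a filename."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() != "attachment" and not part.get_filename():
            continue
        payload = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        if not payload:
            continue
        # Keep the basename only: a crafted filename must never become a path on disk
        name = os.path.basename((part.get_filename() or "").replace("\\", "/"))
        found.append((name or "unnamed-%s.bin" % uuid.uuid4().hex[:8],
                      payload, part.get_content_type()))
    return found


def build_multipart(filename, data):
    """Hand-build a multipart/form-data upload body (stdlib only, no requests needed)."""
    boundary = "----cuckoo-" + uuid.uuid4().hex
    safe_name = filename.replace('"', "").encode()
    body = b"\r\n".join([
        b"--" + boundary.encode(),
        b'Content-Disposition: form-data; name="file"; filename="%s"' % safe_name,
        b"Content-Type: application/octet-stream", b"", data,
        b"--" + boundary.encode() + b"--", b""])
    return "multipart/form-data; boundary=" + boundary, body


def submit_to_cuckoo(filename, data, api=CUCKOO_API, timeout=30):
    """POST one file to Cuckoo's /tasks/create/file and return the new task id."""
    ctype, body = build_multipart(filename, data)
    req = urllib.request.Request(api + "/tasks/create/file", data=body, method="POST",
                                 headers={"Content-Type": ctype})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["task_id"]


def main(argv):
    """Filter entry point; master.cf passes e.g. '-f ${sender} -- ${recipient}' as argv."""
    raw = sys.stdin.buffer.read()
    for name, data, ctype in extract_attachments(raw):
        try:
            task = submit_to_cuckoo(name, data)
            print("submitted %s (%s, %d bytes) as task %s" % (name, ctype, len(data), task), file=sys.stderr)
        except Exception as exc:  # a dead sandbox must never block mail delivery
            print("cuckoo submit failed for %s: %s" % (name, exc), file=sys.stderr)
    # Re-inject unchanged: -G = gateway submission, -i = do not stop at a lone '.'
    return subprocess.run(["/usr/sbin/sendmail", "-G", "-i"] + argv[1:], input=raw).returncode


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Two design points worth noting: the filter only ever forwards a copy of each attachment and hands the original message back to Postfix byte-for-byte, so a sandbox outage degrades to "not analysed" rather than "not delivered"; and the attachment filename is reduced to its basename before it is sent anywhere, because a mail-supplied `../../` name is exactly the kind of input that ends up in a path on the analysis host.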

Maybe I should stick to software...

A story about bricking some hardware, then encasing said brick in a large concrete slab. People generally only publish their successes, and with fairly good reason: for the publicity, reputation and possibly to impress prospective employers. Conversely, for the opposite reasons, no-one wants to broadcast to the world "Actually… I failed miserably at something." I… continue reading

CryptoWall spreading via HT Flash 0-day

Well that didn't take long. UPDATE 1: Chrome's sandboxing may be a useful defence [https://twitter.com/j0echip/status/618173361651322880]. UPDATE 2: Adobe have released a patch: https://www.adobe.com/products/flashplayer/distribution3.html ACTION REQUIRED: Update your Flash Player now! Disable Flash unless required, uninstall Flash completely or set Flash to click-to-play… continue reading