CryptoWall 3.0: still alive.

Note: This is not yet a full analysis. Early this morning I received several phishing emails that look suspiciously like those associated with the delivery of CryptoWall 3.0…. The zip files contain an obfuscated .js file. Unfortunately I did not get time to take a look until I got home from work. But sure… continue reading

A look inside a malicious macro

An interesting sample landed in my samples database the other day. It’s an email with a Word document attached. The email, as usual, claims that this company has found discrepancies on some transactions, and needs you to read the document to verify these transactions. This attached file contains a malicious Visual Basic macro which,… continue reading

Location-aware bushfire SMS alerts

I’ve put together a small Python script which can be used to subscribe to a CAP (Common Alerting Protocol) feed, analyse basic information and push it out via my SMS gateway if the alert fits certain location criteria. SMS… continue reading

Thunderstrike: EFI rootkit for MacBooks

Well this is cool. Trammell Hudson presents his Thunderstrike exploit. In this presentation we demonstrate Thunderstrike, a vulnerability that allows the installation of persistent firmware modifications into the EFI boot ROM of Apple’s popular MacBooks. The bootkit can be easily installed by an evil-maid via the externally accessible Thunderbolt ports and can survive reinstallation… continue reading

Code and stuff

Here is some code and bits and pieces of old projects I have floating around and no longer work on. There are two projects here: one is a GSM tracker for the car, the other is a Nerf autonomous sentry gun. These were small hobby projects so a lot of it is unfinished and undocumented.… continue reading