A look inside a malicious macro

An interesting sample landed in my samples database the other day. It’s an email with a Word document attached. The email, as usual, claims that this company has found discrepancies on some transactions, and needs you to read the document to verify these transactions. … continue reading

Location-aware bushfire SMS alerts

I’ve put together a small Python script which can be used to subscribe to a CAP (Common Alerting Protocol) feed, analyse basic information and push it out via my SMS Gateway [https://tribalchicken.com.au/?p=307] if the alert fits certain location criteria. … continue reading

Thunderstrike: EFI rootkit for MacBooks

Well this is cool. Trammell Hudson presents his Thunderstrike exploit.

> In this presentation we demonstrate Thunderstrike, a vulnerability that allows the installation of persistent firmware modifications into the EFI boot ROM of Apple’s popular MacBooks. The bootkit can be easily installed by an evil-maid via the externally accessible Thunderbolt ports and can survive… continue reading

Code and stuff

Here is some code and bits and pieces of old projects I have floating around and no longer work on. There are two projects here: one is a GSM tracker for the car, the other is a Nerf autonomous sentry gun. These were small hobby projects so a lot of it is unfinished and undocumented.… continue reading