Converting a memory image from raw to padded

Convert a Linux memory image from a raw image (where the System RAM ranges have been concatenated together) to a padded image, provided the early boot messages were present in the kernel ring buffer at the time of imaging. Includes Python code to convert an image automatically. Update 2016-06-29: The code on GitHub has been updated…

CryptoWall: Magic behind the dropper

In this article we take a look at de-obfuscating the latest CryptoWall 3.0 dropper (which is actually very, very simple). As noted in a previous article [https://tribalchicken.com.au/security/cryptowall-3-0-still-alive/], the latest variant of CryptoWall 3.0 is getting around via a .js…