Guide: Cuckoo Sandbox on FreeBSD
This is a guide through configuring a basic Cuckoo Sandbox installation on a FreeBSD host. The main points of difference between a Linux and a FreeBSD install lie in the configuration of the firewall for the host to NAT connections between the VirtualBox host-only network and the Internet. I don't often write guides, however decided…
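To make the firewall point concrete, here is a minimal pf configuration for that NAT step. This is an added example, not the configuration from the guide itself; the interface names (em0, vboxnet0), the host-only subnet (VirtualBox's default 192.168.56.0/24) and the SSH allowance are assumptions you would adjust to your host.

```pf
# /etc/pf.conf (added example, not the guide's own file)
# Assumed names: em0 is the Internet-facing interface, vboxnet0 is the
# VirtualBox host-only interface, 192.168.56.0/24 is its default subnet.
ext_if   = "em0"
vbox_if  = "vboxnet0"
vbox_net = "192.168.56.0/24"

set skip on lo0

# Rewrite guest traffic leaving via ext_if to the host's own address,
# so analysis VMs on the host-only network can reach the Internet.
nat on $ext_if from $vbox_net to any -> ($ext_if)

# Default-deny inbound on the Internet side; allow what the host starts.
block in on $ext_if
pass out on $ext_if keep state

# Let guests talk to the host (Cuckoo's result server on the vboxnet0
# address) and out through the NAT rule above.
pass in on $vbox_if from $vbox_net to any keep state

# Example management access to the host itself (assumption: SSH on 22).
pass in on $ext_if proto tcp to ($ext_if) port 22 keep state
```

pf only translates packets that the kernel forwards, so the host also needs `gateway_enable="YES"` and `pf_enable="YES"` in /etc/rc.conf (or `sysctl net.inet.ip.forwarding=1` for the running system) before `pfctl -f /etc/pf.conf` takes effect. One caveat worth weighing: a plain NAT rule gives live malware a real path to the Internet; if that is not what you want, narrow the `pass in on $vbox_if` rule to the protocols and destinations the analysis needs, or point the guests at a simulator instead.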
Automated Malware Analysis: mail server -> Cuckoo, V2.0
Quite some time ago I slapped together a couple of scripts to submit quarantined attachments from my mail server to Cuckoo (Article here). I have finally found time to re-write this to use a Postfix content filter: extracting any attachments from an email processed by Postfix, then submitting to Cuckoo (on a different box) via…
CryptoWall 3.0 + Fareit / Pony Combo
In this article I'm taking a look at the recent malware double-whammy of CryptoWall 3.0 and Fareit (or Pony, depending on classification). This is a rather potent combination which will encrypt all your data on your PC, as well as steal information such as passwords and Bitcoin wallets. Note: At this point I…
Crypt0L0cker - TorrentLocker Rebranded
Recently here in Australia there has been some discussion about a ransomware campaign using Australian Federal Police themed spam emails (the AFP published a press release on the matter in April). The malware shares many characteristics with TorrentLocker and looks to be nearly identical. This is fairly generic information about this Crypt0L0cker variant, not a…
Hunting malware through memory analysis
A word of warning… Lots of screenshots in this post. Update 10/05/2015: I've updated the article with more information about some of the commands used in order to help out people who aren't familiar with Volatility. When hunting a piece of malware it can be very interesting to have a poke…