Uncategorized

May 24, 2010

Waledac’s Anti-Debugging Tricks

The last spreading malware version of Waledac, a notorious spamming botnet that has been taken down in a collaborative effort led by Microsoft earlier this year, […]
November 15, 2009

RE-Google – or how Grandma started Reverse Engineering

Some people say “Reverse Engineering is an art”. Well, this might be true if you consider stuff like mathematics as art. It is more an application […]
August 7, 2009

Honeybrid testing

Second milestone reached! Honeybrid has now all its functionalities working and it’s time for testing. In order to check that everything works efficiently, I deployed a […]
July 10, 2009

Conficker.A going down?

Conficker contains a piece of code that has been the object of speculation: It does not infect boxes located in the Ukraine. Before sending an exploit, it […]
June 5, 2009

Iteolih: Is this worth your time?

Hello, due to the length of the whole term Improving the effectiveness of low interaction honeypots, I decided to use Iteolih as a unique abbreviation. Things are […]
May 24, 2009

Iteolih: Python Benchmark

As the plan is to embed Python as a scripting language into the honeypot, I ran a benchmark on a testsuite. The ‘testsuite’ is a C core […]
January 27, 2009

Speaking Waledac

While it seems to be impossible to say whether waledac is the successor of storm or not, what we can do is take a look at […]
January 2, 2009

Waledac is wishing merry christmas

There is a new bot in town. It’s called Waledac. The way it is spreading reminds a lot of people of […]
December 10, 2008

libemu: Detecting selfencrypted shellcode in network streams

As libemu had its second release (0.2.0) lately, I’ll try to introduce it to the audience who did not hear about it yet. libemu is a […]