VirusTotal has become one of the most useful reference points for determining whether a file is malicious or not. Viewed from the front end, VirusTotal has gathered well-known antivirus products as engines to report on the status of a file to be checked. Its effectiveness is evident in the integrity of the verdict, in which a cross-reference among all […]
Detecting Virtualized Environment in Gnu/Linux
As a sysadmin, it is hard to tell whether you are in a physical or a virtualized environment 😉 Below are some command-line checks available to detect whether we are in a virtualized environment or not: user@server1:~$ dmesg | grep -i vmware [ 0.000000] ACPI: SRAT 0000000041ef07f6 00080 (v02 VMWARE MEMPLUG 06040000 VMW 00000001) [ 1.470135] ata1.00: ATAPI: VMware Virtual […]
(Yet Another) Quick Botnet Analysis
Botnets are networks of malware-infected machines that are controlled by an adversary. Our approach to studying this botnet is to perform active analysis by using an actual malware sample, infecting the machine and observing its activities. As we probe deeper into the network traffic collected by Wireshark, we find very detailed IRC functionality, attack […]
Update for Gallus Nov 3, 2010
Here are some of the major changes in the recent Gallus release: Improved extraction of malformed PDF object structures; Added CAPTCHA functionality within sample submission; Integrated the VirusTotal API as a 'two-factor verification' of sample analysis; Added support for Adobe LibTIFF exploit analysis and detection. If you happen to come across errors or bugs while using Gallus, feel free […]
No endstream, no endobj, no worries
In analyzing malicious PDF documents, being able to understand the format of the object structure is definitely useful. In order to look for malicious content inside the file, we might need to go through some of the processes, including interpreting the PDF object structure. A PDF object is enclosed by "obj" and "endobj". Between […]
New features added to MyKotakPasir 2
A lot of improvements have been added in the last 2 months, including security fixes, better report output and a more stable back-end analysis engine. The following is the list of updates: Antivirus scanning results are now handled by VirusTotal; Import Address Table hook results; Hex dump output can be downloaded […]