Observation of Common String Obfuscation Trick

String obfuscation has been an enemy of string/pattern matching since forever. With string obfuscation tricks in play, string/pattern matching without proper handling will return no significant results. This kind of trick has to be taken into consideration when developing a security tool with string/pattern matching as one of its main engines. In this post, […]

MyKotakPasir: Solved major problem during automated analysis.

MyKotakPasir 2 is a malware sandbox developed by Malware Research Center at MyCERT. A lot of improvements have been introduced since the first version. For instance, in the previous version, 2 different programming languages, namely Python and VB, were used to handle analysis work. Due to some teething problems with Python, I have changed everything to […]

Yet another PDF Analyz3r

[A blog post by Ahmad Azizan, practical student @ MyCERT] To this day, attacks on the client side through Adobe Reader vulnerabilities are not slowing down. Even though patches for known Adobe Reader vulnerabilities have been released to the public for quite a while, there are still a lot of websites that host the malicious PDF […]

Attention – Mail server upgrade

Attention! On October 22, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour. The changes will concern security, reliability and performance of mail service and the system as a whole. For compatibility of your browsers and mail clients with upgraded server software you should run […]

Mass SQL Injection And Asprox Bot

Asprox is one of the botnets that implement mass SQL injection to inject malicious *.js scripts into MSSQL database servers. Normally an Asprox bot will search for any vulnerable (SQL injection, of course) *.asp script to inject the malicious *.js script and iframe into the database. A typical SQL injection is similar to the log below: GET /page.asp?id=425;d EcLaRe […]