We are pleased to announce that we have opened public access to information on malware collected by our LebahNET Sensor. Interested parties may access this information by using our Public API. These are the public APIs that we are offering to the public: – List of Malware MD5 – List of latest 10 Malware MD5 with […]
Heartbleed Checker
Heartbleed (CVE-2014-0160) is a vulnerability in the OpenSSL library that affects millions of websites. It allows any user on the internet to read system memory. Our team has been working to provide an alternative URL for users to check their web servers for vulnerable OpenSSL. Users can visit the following URL: http://heartbleed.honeynet.org.my/ If […]
Converting String, Hex and Fixnum Using Ruby
1.0 Introduction Software development in the security domain always involves converting to and from hex and binary formats. For those new to certain languages, a steep learning curve is involved, and this translates to increased development cost. This article concentrates on using the Ruby language to help newcomers shorten the learning curve. To […]
IDA Pro: IDC Script for Decrypting VB Obfuscated Malware
I was playing with a piece of malware with Jun Yee and we came across an obfuscated string in the VB code. The malware itself was written in Microsoft Visual Basic 6. It has a feature that allows the malware to overwrite itself after execution just to make it a bit stealthier. Additionally, the virus […]
Application Programming Interface for VirusTotal
VirusTotal has become a very useful point of reference for determining whether a file is malicious or not. Viewed from the front end, VirusTotal has gathered well-known antivirus products as engines that report the status of a file being checked. Its effectiveness is evident in the robustness of a result, where cross-referencing between all […]
New features added to MyKotakPasir 2
A lot of improvements have been added in the last 2 months, including security fixes, better report output and a more stable back-end analysis engine. The following is the list of updates: – Antivirus scanning results are now handled by VirusTotal – Import Address Table Hook result – Hex Dump output can be downloaded […]
MyX1: SSDT Detector and Remover
MyCERT has developed a tool to detect and restore API addresses changed by rootkits. MyX1 SSDT Detector and Remover is a part of our Malware Tracking project. Figure 1: Screenshot showing MyX1 SSDT. The application relies on two (2) files that are used upon execution: 1. ssdt.sys is used to list all […]
mysql subqueries bug
After the pkaji project, we tried to add information/profiles for each RFI attack. While writing code to mine information stored in a database with many-to-many relationships, we found that MySQL took far too long. From our examination, the outermost SQL statement when using subqueries is not optimized because the MySQL engine fails to use the appropriate index. The code that […]
ruby mysql blob
Recently, one of MyCERT's internal projects required PDF files to be saved into the database (MySQL). Since it is not easy to find sample code via Google, here's a quick note for future reference. fContent = File.open("/path/file", "rb").read() db = Mysql.new('localhost', 'user', 'password', 'database') st = db.prepare("insert into tableA( fieldBlob) values (?)") st.execute(fContent) […]