Detecting Virtualized Environment in Gnu/Linux

As a sysadmin, it is not always obvious whether you are on physical hardware or in a virtualized environment 😉 Below are some commands available to detect whether we are in a virtualized environment or not:

user@server1:~$ dmesg | grep -i vmware
[    0.000000] ACPI: SRAT 0000000041ef07f6 00080 (v02 VMWARE MEMPLUG  06040000 VMW  00000001)
[    1.470135] ata1.00: ATAPI: VMware Virtual […]
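As an added example (not code from the MyCERT post), the POSIX shell script below generalizes the dmesg grep above: it collects the same kind of evidence from dmesg, the DMI strings under /sys/class/dmi/id and the CPUID "hypervisor" flag in /proc/cpuinfo, and classifies the host by hypervisor family. The function and variable names are this example's own, and the sample dmesg/cpuinfo lines are constructed for the example rather than taken from a real capture.

```shell
#!/bin/sh
# Added example, not from the MyCERT post: classify a Linux host as physical or
# virtual from the text sources the post greps (dmesg) plus DMI and cpuinfo.
# Function and variable names are this example's own.

# Case-insensitive extended-regex match against the text the caller collected.
_vt_match() { printf '%s\n' "$_vt_text" | grep -qiE "$1"; }

# Read kernel/DMI/cpuinfo text on stdin; print the hypervisor family or "none".
# Vendor strings are checked before the generic CPUID "hypervisor" flag so the
# result names the product where possible. Guest-only markers (kvm-clock,
# "Hypervisor detected") are used for KVM because a bare-metal host that has the
# kvm module loaded also prints "kvm:" lines.
classify_virt_text() {
    _vt_text=$(cat)
    if _vt_match 'vmware'; then
        echo vmware
    elif _vt_match 'kvm-clock|qemu|bochs|hypervisor detected: kvm'; then
        echo kvm
    elif _vt_match 'virtualbox|vbox|innotek'; then
        echo virtualbox
    elif _vt_match '(^|[^a-z])xen([^a-z]|$)'; then
        echo xen
    elif _vt_match 'hyper-v|microsoft corporation'; then
        echo hyperv
    elif _vt_match '^flags[[:space:]]*:.*[[:space:]]hypervisor([[:space:]]|$)'; then
        echo unknown-hypervisor   # CPUID says "virtualized" but no vendor string matched
    else
        echo none
    fi
}

# Live variant: gathers the sources read-only. dmesg may be limited to root when
# kernel.dmesg_restrict=1; unreadable sources are skipped silently.
detect_virt_live() {
    {
        dmesg 2>/dev/null
        cat /proc/cpuinfo 2>/dev/null
        cat /sys/class/dmi/id/sys_vendor /sys/class/dmi/id/product_name \
            /sys/class/dmi/id/board_vendor 2>/dev/null
    } | classify_virt_text
}

# Constructed sample inputs (not real captures) in dmesg / cpuinfo line format.
SAMPLE_VMWARE='[    0.000000] DMI: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[    1.470135] ata1.00: ATAPI: VMware Virtual IDE CDROM Drive, 00000001, max UDMA/33'
SAMPLE_KVM='[    0.000000] DMI: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[    0.100000] kvm-clock: Using msrs 4b564d01 and 4b564d00'
SAMPLE_FLAG_ONLY='flags           : fpu vme de pse tsc msr pae hypervisor lahf_lm'
SAMPLE_BARE='[    0.000000] DMI: Dell Inc. PowerEdge R640/0W23H8, BIOS 2.10.2 02/24/2021
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov'

# Usage: "sh detect_virt.sh --live" on a real host; with no argument the
# constructed samples are classified instead.
case "${1:-}" in
    --live) detect_virt_live ;;
    *) for s in "$SAMPLE_VMWARE" "$SAMPLE_KVM" "$SAMPLE_FLAG_ONLY" "$SAMPLE_BARE"; do
           printf '%s\n' "$s" | classify_virt_text
       done ;;
esac
```

Two caveats a practitioner should keep in mind. First, every one of these signals is supplied by the hypervisor: DMI and ACPI vendor strings and the CPUID hypervisor bit can be configured to look like real hardware, so a "none" result is a heuristic, not proof of bare metal; on modern distributions `systemd-detect-virt` or `virt-what` apply a longer list of the same kind of checks. Second, malware performs exactly these checks to decide whether it is running in a sandbox, so an analyst building an instrumented guest (as in the botnet analysis described on this page) should expect the sample to look for the same strings.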

(Yet Another) Quick Botnet Analysis

Botnets are networks of malware-infected machines that are controlled by an adversary. Our approach to studying this botnet is to perform active analysis: run an actual malware sample, infect the machine, and observe its activities. As we probe deeper into the network traffic collected with Wireshark, we find very detailed IRC functionality, attack […]

FIRST AGM and Annual Conference 2010

The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the wider global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. Just as importantly, the conference enables attendees […]

OllyScript – Automating detection and unpacking the Conficker Worm Variant B/C

To make the problem of extracting the unpacking code tractable, MyCERT has been working on automating the unpacking with a script written in an assembly-like language. The script, written in OllyScript, can be used to unpack the malicious worm variants Win32/Conficker B and Win32/Conficker C. OllyScript is the scripting-language plugin for OllyDbg. It simulates a user's […]