Writing a Malware Config Parser Using Radare2 and Ruby
Radare2 has been receiving a lot of attention lately. Rather than browsing through some of the documentation, I decided to try and port some existing code to use Radare.
Yet another new credit card dumping utility has been discovered. BernhardPOS is named after (presumably) its author, who left the build path “C:bernhardDebugbernhard.pdb” in the binary and also uses the name Bernhard in creating the mutex “OPSEC_BERNHARD”. This utility does several interesting things to evade antivirus detection, and we’ll walk through some of them in detail. Details about the sample, including a hash, are available at the end of this writeup.
Morphick Cyber Security, Inc