BernhardPOS – New POS Malware Discovered by Morphick

Yet another new credit card dumping utility has been discovered. BernhardPOS is named after (presumably) its author, who left in the build path “C:bernhardDebugbernhard.pdb” and also uses the name Bernhard in creating the mutex “OPSEC_BERNHARD”. This utility does several interesting things to evade antivirus detection. We’ll talk over some of them in detail. Details about the sample, including a hash, are available at the end of this writeup.


The Mozart RAM Scraper

The Home Depot breach was a very high-profile case this year, which brought the security of point of sale machines into the spotlight. After some mumblings and a bunch of misinformation about who/what and how the attack came about, little pieces of information started to make their way to the surface. Several of these were reports of a new malware dubbed “Mozart.”
