.rar Files and ACE Exploit CVE-2018-20250, (Mon, Apr 22nd)

Reader Carlos submitted an email with an attached RAR file.

Analyzing UDF Files with Python, (Fri, Apr 19th)

Yesterday, Xavier wrote a diary entry about malicious UDF files.

Malware Sample Delivered Through UDF Image, (Wed, Apr 17th)

I found an interesting phishing email which was delivered with a malicious attachment: a UDF image (.img). UDF means “Universal Disk Format” and, as stated by Wikipedia[1], is an open vendor-neutral file system for computer data storage. It has supplanted the well-known ISO 9660 format (used for burning CDs & DVDs) that was also used in previous […]

A few Ghidra tips for IDA users, part 2 – strings and parameters, (Wed, Apr 17th)

Continuing my preliminary exploration of Ghidra. Let's pick up with the call to RegOpenKeyExA from last time (yes, I know this code is unreachable, as we discussed last time, but let’s keep going anyway).

Odd DNS Requests that are Normal, (Tue, Apr 16th)

If you have ever heard me talk about DNS, you will know that I am a big fan of monitoring DNS queries, and I think DNS query logs are the best “bang for the buck” log source to detect anomalous behavior. Everything that happens on your network, good or bad, tends to be reflected in DNS.