Tuesday, July 30, 2013

As you know, most webmasters upload a file called robots.txt to their servers in order to give instructions to crawlers like Google, Yahoo, Bing... about which pages mustn't be indexed. Example: http://behindthefirewalls.blogspot.com.es/robots.txt Why does the webmaster want to hide some URLs? One of the first things the hackers...

Posted on Tuesday, July 30, 2013 by Javier Nieto

No comments

Monday, July 22, 2013

Cuckoo is a free malware analysis system. You can analyze any suspicious file with Cuckoo and it will give you some very detailed feedback: Traffic captures in PCAP format. Traces of Win32 API calls. Information about processes created by the malware. Files that have been downloaded, modified or removed during the malware execution. Registry keys...

Posted on Monday, July 22, 2013 by Javier Nieto

No comments

Friday, July 12, 2013

In this post I'm going to talk about Volatility. Volatility is one of the best tools for memory forensics. It is an open source framework written in Python for incident response and malware analysis. Thanks to Malware Analyst's Cookbook we can get a real memory dump from a host infected with the Zeus Trojan. You can download zeus.vmem.zip [41,4...

Posted on Friday, July 12, 2013 by Javier Nieto

2 comments

Friday, July 05, 2013

Scalp is a log analyzer for the Apache web server written by Romain Gaucher. The goal of this tool is to search through the Apache log files and detect the possible attacks that have been sent through HTTP/GET. Scalp gets the regular expressions from PHP-IDS and matches them against the lines of the access.log file. This script is written in Python and needs...

Posted on Friday, July 05, 2013 by Javier Nieto

2 comments

Monday, July 01, 2013

As I said in ZeroAccess Trojan - Network Analysis Part I, the goal of this trojan is to earn money through Click Fraud... When the host has already been infected and is a member of the botnet, it begins to generate a large number of clicks on advertisements. With each click on an advertisement they are making money. I'm going...

Posted on Monday, July 01, 2013 by Javier Nieto

No comments