Tuesday, January 21, 2014

When we are involved in incident handling and are in charge of analyzing a traffic capture in pcap format related to an attack, one of the things we usually need to do is extract the files that were downloaded. The reason is that we need a copy of the malware or the exploit in order to analyze it by reverse engineering or similar... We...

Posted on Tuesday, January 21, 2014 by Javier Nieto

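Carving a downloaded file out of a pcap, as an added example for this post (it is not the blog's own code). It assumes a classic pcap with Ethernet/IPv4/TCP frames and an HTTP/1.x response that carries a Content-Length header; the capture, the client/server addresses (10.0.0.5 and 203.0.113.7) and the "MZ" payload are constructed in memory so the script runs offline. The two halves of the response are deliberately captured out of order to show why the TCP stream has to be reassembled before the file is cut out, and a capture that ends mid-transfer yields no (partial) file.

```python
"""Carve files served over HTTP out of a pcap.

Added example for this post, not the blog's own code. Assumptions (not in the
post): classic pcap format, Ethernet link type, IPv4, TCP reassembly by
sequence-number order per flow, HTTP/1.x responses with a Content-Length header.
The capture below is constructed in memory.
"""
import hashlib
import re
import struct
from collections import defaultdict

LINKTYPE_ETHERNET = 1
RESP_LINE = re.compile(rb"HTTP/1\.[01] \d{3}[^\r\n]*\r\n")  # response status line, not a request line


def build_pcap(frames):
    """Wrap raw Ethernet frames in a little-endian classic pcap file (constructed data)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1390000000 + i, 0, len(frame), len(frame)) + frame
    return out


def tcp_frame(src, dst, sport, dport, seq, payload):
    """Ethernet/IPv4/TCP frame carrying payload; checksums are left at zero (constructed data)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0, src, dst)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload


def iter_frames(pcap):
    """Yield each captured frame from a classic pcap file (either byte order)."""
    magic = struct.unpack("<I", pcap[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">" if magic == 0xD4C3B2A1 else None
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def tcp_segment(frame):
    """Return ((src, sport, dst, dport), seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[9] != 6:  # protocol is not TCP
        return None
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total]  # honour the IP total length so Ethernet padding is dropped
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    return (ip[12:16], sport, ip[16:20], dport), seq, tcp[(tcp[12] >> 4) * 4:]


def reassemble(pcap):
    """Rebuild each unidirectional TCP stream by sequence number (retransmission overlap not handled)."""
    flows = defaultdict(list)
    for frame in iter_frames(pcap):
        seg = tcp_segment(frame)
        if seg and seg[2]:
            flows[seg[0]].append((seg[1], seg[2]))
    return {flow: b"".join(p for _, p in sorted(segs)) for flow, segs in flows.items()}


def carve_http_files(pcap):
    """Return one record (server, type, size, sha256, bytes) per complete HTTP response body."""
    found = []
    for (src, sport, _, _), stream in reassemble(pcap).items():
        pos = 0
        while True:
            m = RESP_LINE.search(stream, pos)
            if not m:
                break
            hdr_end = stream.find(b"\r\n\r\n", m.start())
            if hdr_end < 0:
                break
            headers = stream[m.start():hdr_end].decode("latin-1")
            clen = re.search(r"(?im)^Content-Length:\s*(\d+)", headers)
            if not clen:  # chunked / connection-close bodies are not handled in this example
                pos = hdr_end + 4
                continue
            size = int(clen.group(1))
            body = stream[hdr_end + 4:hdr_end + 4 + size]
            if len(body) < size:  # capture ended mid-transfer: do not emit a partial file
                break
            ctype = re.search(r"(?im)^Content-Type:\s*([^\r\n]+)", headers)
            found.append({
                "server": "%s:%d" % (".".join(map(str, src)), sport),
                "content_type": ctype.group(1).strip() if ctype else "",
                "size": size,
                "sha256": hashlib.sha256(body).hexdigest(),
                "data": body,
            })
            pos = hdr_end + 4 + size
    return found


# Constructed sample: a client fetches /update.exe and the server answers with a fake PE.
CLIENT, SERVER = bytes([10, 0, 0, 5]), bytes([203, 0, 113, 7])
SAMPLE_BODY = b"MZ\x90\x00" + b"\x00" * 56 + b"This program cannot be run in DOS mode.\r\n"
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
                   b"Content-Length: %d\r\n\r\n" % len(SAMPLE_BODY)) + SAMPLE_BODY
SPLIT_AT = SAMPLE_RESPONSE.find(b"\r\n\r\n") + 4 + 20  # split the response 20 bytes into the body
SAMPLE_PCAP = build_pcap([
    tcp_frame(CLIENT, SERVER, 49152, 80, 500, b"GET /update.exe HTTP/1.1\r\nHost: 203.0.113.7\r\n\r\n"),
    tcp_frame(SERVER, CLIENT, 80, 49152, 1000 + SPLIT_AT, SAMPLE_RESPONSE[SPLIT_AT:]),  # second half...
    tcp_frame(SERVER, CLIENT, 80, 49152, 1000, SAMPLE_RESPONSE[:SPLIT_AT]),             # ...captured first
])

if __name__ == "__main__":
    for f in carve_http_files(SAMPLE_PCAP):
        print(f["server"], f["content_type"], f["size"], f["sha256"], f["data"][:2])
```

On a real capture, replace SAMPLE_PCAP with the bytes of the pcap file and write each record's "data" to disk under its sha256 so the sample can be handed to the reverse engineer; the hash is also what you search for in threat-intel sources before spending time on analysis.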

Sunday, January 12, 2014

You can read the first part of this post here: http://www.behindthefirewalls.com/2013/12/stuxnet-trojan-memory-forensics-with_16.html DETECTING API CALLS If we use the command below, we can see the strings of these exported files and try to locate some interesting words... strings evidences/process.* Thanks to Volatility we can find the...

Posted on Sunday, January 12, 2014 by Javier Nieto

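The `strings evidences/process.*` step from the post, as an added example (not the blog's or Volatility's code). It assumes the process dumps exported in part one are raw files on disk; a small dump is constructed in memory here so it runs offline. Like `strings` it pulls printable ASCII runs, and like `strings -el` it also pulls UTF-16LE runs, which plain `strings` misses on Windows binaries; each run is then matched against a hypothetical watch-list of API names that injectors and rootkits commonly import, so the "interesting words" come out with their offsets instead of being read out of a long listing by eye.

```python
"""Triage a dumped process image for API-name strings.

Added example for this post, not the blog's or Volatility's code. It assumes the
dumps from part one are raw files (evidences/process.*); the image scanned below
is constructed in memory. The watch-list is a hypothetical starting point.
"""
import glob
import re

MIN_LEN = 4  # same default minimum length as the strings(1) command
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)  # what `strings -el` would report

# Hypothetical watch-list for this example; extend it per case.
WATCH_APIS = {
    "LoadLibraryA", "LoadLibraryW", "GetProcAddress", "VirtualAlloc", "VirtualAllocEx",
    "WriteProcessMemory", "CreateRemoteThread", "NtQuerySystemInformation",
    "ZwLoadDriver", "SetWindowsHookExW", "CreateFileW", "WriteFile", "RegSetValueExW",
}


def extract_strings(blob):
    """Return (offset, encoding, text) for every printable run of at least MIN_LEN characters."""
    hits = [(m.start(), "ascii", m.group().decode("ascii")) for m in ASCII_RUN.finditer(blob)]
    hits += [(m.start(), "utf-16le", m.group().decode("utf-16-le")) for m in UTF16_RUN.finditer(blob)]
    return sorted(hits)


def find_api_refs(blob):
    """Map each watch-listed API name to the (offset, encoding) of the runs that contain it."""
    refs = {}
    for off, enc, text in extract_strings(blob):
        # import names are NUL-separated and so arrive as separate runs; split on whitespace too
        for token in re.split(r"\s+", text):
            if token in WATCH_APIS:
                refs.setdefault(token, []).append((off, enc))
    return refs


def scan_dumps(pattern="evidences/process.*"):
    """Run the triage over every exported process dump matching the post's path."""
    report = {}
    for path in sorted(glob.glob(pattern)):
        with open(path, "rb") as fh:
            report[path] = find_api_refs(fh.read())
    return report


# Constructed dump: a PE-like header, an import-name table, a UTF-16 API name, and a path.
SAMPLE_DUMP = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"kernel32.dll\x00LoadLibraryA\x00GetProcAddress\x00"
    + b"\x90" * 8 + "WriteProcessMemory".encode("utf-16-le") + b"\x00\x00"
    + b"\xff\xfe" + b"ab\x00"  # two printable bytes: too short to count as a string
    + b"c:\\temp\\dropped.dll\x00"
)

if __name__ == "__main__":
    for off, enc, text in extract_strings(SAMPLE_DUMP):
        print("%06x %-8s %s" % (off, enc, text))
    print(find_api_refs(SAMPLE_DUMP))
```

A hit on names such as WriteProcessMemory or CreateRemoteThread in a process that has no business injecting code is the cue to go back to Volatility and look at that process's threads, VADs and handles; a plain `strings` run would have missed the UTF-16 occurrence above entirely.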

Monday, January 06, 2014

Stuxnet may have been the first truly advanced malware. It is thought to have been developed by the United States and Israel to attack Iran's nuclear facilities. It attacked Windows systems using zero-day exploits and was focused on SCADA systems in order to affect critical infrastructure... It could also spread via USB drives. It is necessary...

Posted on Monday, January 06, 2014 by Javier Nieto
