Persianov on Security
[Posts] [Projects] [Bugtrack] [Crackmes] [Tutorials]

[Windows worms. Forbix worm analysis.]

Anyone heard about Forbix worm? Good. Lots of us know how difficult is to remove a worm from an infected system or network. Of course it depends on multiple factors, like: the way it spreads, persistence mechanisms, disguise techniques used once machine is infected, reinfection methods, etc. These days, when someone says “Windows worm” we usually expect a highly sophisticated piece of malware, exploiting a 0-day/1-day vulnerability and “preferably” this vulnerability being in a service listening on a specific port exposed to the whole world. May be this is the case of the worm like ransomware WannaCry, but definitely not applicable to Forbix malware.

[Emotet malware analysis. Part 2.]

This is the Part 2 of my Emotet analysis. It covers phase 3 of the attack, specifically the PE file which is being dropped by infected websites, used in Phishing/Spam campaigns. Emotet is an advanced modular Trojan, predominantly used as Malware Distribution Platform, main goal being systems infection with other types of malware.

[Emotet malware analysis. Part 1.]

This is Part 1 of Emotet malware analysis I’m planning to post. It covers phases 1 and 2 of the attack, specifically phishing and establishing persistence in the infected system. Emotet is spread via phishing emails containing malicious links or attachments, and targets everyone (individuals, companies and governments).

[From Apache Struts to Cryptominers]

Remember Equifax hack and data of millions being stolen? Then you should also remember the Apache Struts 2 vulnerability, used during that attack. This sounds like an old news, but it seems to be exploited even to the day of this post. Someone is attacking web servers successfully and installs cryptominers, adding victims to a Monero pool.

[CrackMe challenges for Android]

Let’s solve some crackme challenges for Android. This post is going to be updated once new crackmes are out. All files have been tested both, in emulator and on physical device, so running them shouldn’t be a problem.

[Extract from pdf with textract. HOW TO]

Good day, everyone! This short tutorial explains how to extract text from pdf files, using Python’s textract module. I am going to show you how to install it correctly. So, feel free to leave a comment below.

[Newsletters vs humanity. Flood PoC]

Aloha! Today I’m gonna show you a simple yet powerful way to flood any mail box from ANY Email Service Provider (ex.: Google, Yahoo, Live.com [aka Hotmail], etc.). This method uses the “flaws” in subscribe feature on many websites.