Persianov on Security
[Posts] [Projects] [Bugtrack] [Crackmes] [Tutorials]

[Emotet malware analysis. Part 2.]

This is the Part 2 of my Emotet analysis. It covers phase 3 of the attack, specifically the PE file which is being dropped by infected websites, used in Phishing/Spam campaigns. Emotet is an advanced modular Trojan, predominantly used as Malware Distribution Platform, main goal being systems infection with other types of malware.

[Emotet malware analysis. Part 1.]

This is Part 1 of Emotet malware analysis I’m planning to post. It covers phases 1 and 2 of the attack, specifically phishing and establishing persistence in the infected system. Emotet is spread via phishing emails containing malicious links or attachments, and targets everyone (individuals, companies and governments).

[From Apache Struts to Cryptominers]

Remember Equifax hack and data of millions being stolen? Then you should also remember the Apache Struts 2 vulnerability, used during that attack. This sounds like an old news, but it seems to be exploited even to the day of this post. Someone is attacking web servers successfully and installs cryptominers, adding victims to a Monero pool.

[CrackMe challenges for Android]

Let’s solve some crackme challenges for Android. This post is going to be updated once new crackmes are out. All files have been tested both, in emulator and on physical device, so running them shouldn’t be a problem.

[Extract from pdf with textract. HOW TO]

Good day, everyone! This short tutorial explains how to extract text from pdf files, using Python’s textract module. I am going to show you how to install it correctly. So, feel free to leave a comment below.

[Newsletters vs humanity. Flood PoC]

Aloha! Today I’m gonna show you a simple yet powerful way to flood any mail box from ANY Email Service Provider (ex.: Google, Yahoo, [aka Hotmail], etc.). This method uses the “flaws” in subscribe feature on many websites.

[Traffic mirroring setup on OpenWRT device]

This simple tutorial describes how to configure traffic mirroring on your OpenWRT capable router (using iptables) and send it to Snort IDS. Having an IDS running in your local network sometimes can help find infected machines connected to it, LAN attacks which can lead to sessions hijacking, Man-in-the-middle attacks and other nasty things.