Dec 16, 2013
Andrew Brooks

If I were asked what kinds of things keep me up at night, I’d probably say: too much caffeine during the day, SCADA software, and web browsers.  The first two are easy to explain, but web browsers are a much different beast. They’re just so complicated and robust!  Between the plugins and core components, they […]

Stack Trace
Nov 25, 2013
Andrew Brooks

I am by no means a malware expert, but I do deal with it on a fairly regular basis out of necessity. One tool which I often fall back on for quick and dirty dynamic analysis is the Preservation Filesystem Driver.  I stumbled across this piece of software while I was reading The Malware Analyst’s […]

Stack Trace
Oct 15, 2013
Andrew Brooks

Welcome back for the 3rd and final installment in our series which covers the Vivisect framework.  For this post, we’ll be focusing on VDB, which is a powerful and scriptable debugger written in Python.  With that in mind, let’s get started and we’ll begin by using the program “conditional” which is an elite and imaginative […]

Stack Trace
Sep 29, 2013
Andrew Brooks

Picking up from where we left off on our last post, let’s keep working with the Vivisect GUI and explore some additional functionality.  If you followed along from the first part, we’ve identified our string and if we jump back to the function graph, it might be good for us to add a comment so […]

Stack Trace
Sep 8, 2013
Andrew Brooks

Early this month, a new version of Vivisect was released which fixed a large number of bugs, and added a tremendous amount of new features.  While looking over the changelog and documentation, I realized that there doesn’t really seem to be a good tutorial or primer for getting familiar with the Vivisect framework so hopefully […]

Stack Trace
Aug 26, 2013
Andrew Brooks

A few days ago, just after installing some new software, I ran into a curious bug that prevented one of my favorite programs from loading after Software X had been installed (names have been changed to protect the guilty).  The error I was getting way up in userland informed me that a driver could not […]

Stack Trace
Aug 11, 2013
Andrew Brooks

When we left off last week, we had just gotten started with Minion by Mozilla and while we did (superficially) cover plugins, setting up the virtual machine, and adding users, there’s still a lot more we can learn about this awesome and powerful framework.  For the sake of keeping things simple, let’s keep working with […]

Stack Trace
Aug 4, 2013
Andrew Brooks

In a previous blog post, I talked about the importance of empowering your developers with security tools, such as Arachni and W3AF.  Last week, while getting caught up on some security-related mailing lists, I came across a platform created by Mozilla called Minion, which is designed to do just that.  From the Mozilla Wiki: Minion […]

Stack Trace
Jul 28, 2013
Andrew Brooks

I am a firm believer that in the field of information security, tools are overrated.  I, like all security professionals, have a long list of software that I rely on for getting work done, but make no mistake; tools do not provide security nor do they provide knowledge, and at best, they provide insight and […]

Stack Trace
Jul 15, 2013
Andrew Brooks

It’s not hard to do a quick search and find a plethora of blog posts, scholarly articles, and editorials that stress the importance of strong passwords and the importance of rotating your passwords regularly.  While this is all great advice, it is largely unenforceable outside of a corporate environment where things like GPOs don’t […]

Stack Trace