Investigating Cisco routers

This blog post is aimed at incident response teams who need to investigate and gather evidence from a Cisco router in a forensically sound manner. This may be where an internet-facing router has been identified and is using default logon creds, perhaps Cisco Smart Install was left enabled, or you may just want to take a look at who has been poking around on the box. This post outlines how to gather simple things such as logs from the device and also check to see if the IOS has been tampered with and potentially implanted with something malicious.


Emotet C2 obfuscation

I've taken a look at a couple of Emotet emails today and noticed they have tried to hide their list of C2s that are embedded within the document.


RTF analysis & Lokibot

Here is some analysis I completed on an email I came across that contained a malicious RTF file that dropped Lokibot malware.


Remcos analysis

I thought this would be a good starting point to share some simple behavioural malware analysis. The sample in this post came from a phishing email that contained a malicious Microsoft Excel file.


Welcome to my blog

I've put together this blog for anybody who has an interest in malware and all the geeky stuff that goes along with it. In my current role I do a lot of malware analysis and thought it would be cool to share some of what I do with the security community.
