Andrew Martin

One of the constant threats out on the internet are Remote File Inclusion (RFI) attacks. This class of threat is simple to execute and can yield very valuable results to the attacker. With the multitude of web applications out there, there are constantly new vulnerabilities discovered. The subject is rather large so I will have [...]

While investigating an attack, I came across a piece of javascript that was quite unusual. Most javascript obfuscated malware uses custom “packers” if you will to mangle the actual code that performs the attack. This code must become “unpacked” at some point to be interpreted by the web browser. Simply looking for document.write or eval [...]

Watching a recent SANS webcast by Lenny Zeltser peaked my curiosity in flash based malware. I decided to have a closer look at some flash based malware which I had collected to try and gain some more insight into how to analyze it. I’ll cover 3 samples and what I was able to find out [...]

I picked up a copy of a malicious pdf a week or so ago that was trying to infected a workstation. Lets crack it open and see what’s inside. Virus Total MD5: bccb814a5bcba72be31cdaf4e8805a7b Filename: pdf.pdf Simply running the file command on the pdf returns the following: pdf.pdf: PDF document, version 1.4 Running strings on pdf.pdf [...]