Analyze Macro Code from Malicious Documents

Microsoft Office is something I guess everybody uses and knows about; if you are a regular computer user, then to some extent you are definitely going to use Microsoft Office or a variant of it. In this post we want to show you how malicious documents can be analyzed in order to find malicious macro code. So let's get started.

Malicious Samples

Macro code is usually written in VBA; for more on it, see the wiki. Here I have some malicious sample files, which you can get by asking me in the comments. They contain macro code which basically just pings localhost and opens notepad.exe on a Windows host.

[Image: malware asking the user to enable macros]

Cuckoo Sandbox Automated Malware Analysis

Cuckoo is a very famous automated malware analysis sandbox with which you can create your own poor guy's malware analysis lab. So let's see how we achieve the goal; stay with me.

Installation & First Run

As the focus is not installation, I won't make you suffer through a huge installation write-up. If you feel comfortable installing it, you are good to go with the default installation URL, and if you feel lost, ping me and I'll help you set it up as much as I can. Okay, so I assume you have already installed Cuckoo. Let's first run the Cuckoo sandbox, and VirtualBox as well, so that Cuckoo can find our Windows XP guest.


Digital Forensics Investigation with Autopsy

Autopsy is a digital forensic investigation tool used by military personnel and corporate examiners to investigate which operations were performed on a target system, flash drive or specific files. So let's dig into it.

Get Autopsy

First of all, we need to get Autopsy from this URL and then install it. Upon successful installation, you should be greeted with the following screen.

[Screenshot: Autopsy first run]