Posts

Showing posts from March, 2020

Android Malware Analysis: covid19 ransomware apk and remediation ( ͡° ͜ʖ ͡°) (day 86)

It's bad enough that many people around the world have been affected by and died from the coronavirus, but I think this situation is getting worse, because I found out that malware authors are actually using it to start spreading their malware campaigns. For me, that's not surprising, since they always follow the latest trend and devise a new malware type to make a new profit; ransomware is one example. After a couple of hours strolling around the internet haystack with my Android VM, I found a dodgy website offering an app that claims it can track the spread of coronavirus in your location. Long story short, it turns out to be ransomware that demands the victim pay a certain amount of BTC. I tried to reverse engineer the malware and luckily found out how to unlock the device. If you don't have time and just want to unlock your device, the key is 4865083501. Preliminary static analysis: Malware md5 hash: 69a6b43b5f63030938c578eec05993eb Ma...

Practice..Practice..Practice: Linux exploit SmashTheTux Writeup Vulnhub part 1 ᕦ(ò_óˇ)ᕤ (day 85)

meme source: https://www.mememaker.net/meme/if-you-practice-4240 No matter how far you go, it is important to always practice the concept over and over again by giving yourself a new challenge at every opportunity. So in this post we are going to take a look at another good challenge for practicing Linux exploitation, SmashTheTux, which comes from the "Vulnhub" platform; because I don't want you guys to be overwhelmed with the material, I will cut the writeup into several parts. The VM can be downloaded from this link: https://www.vulnhub.com/entry/smashthetux-101,138/ Warm-up -> 0x00: Once you have installed and started the VM in VirtualBox, the machine offers us 9 challenges in the home directory, each of them containing a common vulnerability in a Linux binary that we can exploit to take control of the program. The first challenge, 0x00, gives us the following piece of vulnerable code: If you have already indulged in binary exploitation long enou...

Android Malware Analysis: zazdi botnet campaign ( ͡° ͜ʖ ͡°) (day 84)

Welcome back to the Android malware analysis series. Today we are going to analyze one of the samples from the "zazdi" botnet campaign, which was found back around 2019. What is really interesting about this particular malware species is how creatively the malware author utilizes a known-good service to launch their operation. As we know in the world of malware analysis, a botnet needs to talk to its C&C server (Command & Control server) in order to take the next step of the attack. A C&C server is naturally easy for a malware analyst to spot, since it is always a rogue server, but the zazdi botnet uses Firebase Cloud Messaging (FCM) as its C&C channel to exchange messages with its infected devices. FCM is basically just a new version of Google Cloud Messaging. The malware sample can be downloaded from https://github.com/ashishb/android-malware/blob/master/zazdi_botnet/4593635ba742e49a64293338a383f482f0f1925871157b5c4b1222e79909e838.apk Static Analy...