Tag Archive

Return of the Penguin Challenge – ELF (?) Binary (?)

Published on April 5, 2016 By lynx

Our friends from BSidesLondon have set up a challenge for you. It’s a little ELF binary with some odd properties. That’s all we will tell you. Have a look for yourself. In case you are forensically inclined, we might have a little Call for Papers email for you. There is a lot of strange code […]

DeepSec 2013 Video: Malware Datamining And Attribution

Published on February 7, 2014 By lynx

Popular culture totally loves forensics (judging by the number of TV shows revolving around the topic). When it comes to software, a detailed analysis can be very insightful. Most malicious software isn’t written from scratch. Some components are being reused, some are slightly modified (to get past the pesky anti-virus filters). This means that (your) […]

Protect your Metadata

Published on June 9, 2013 By lynx

In the light of the recent news about the collection of call detail records (CDR) the term metadata has come up. Unfortunately the words cyber, virtual, and meta are used quite often – even as a disguise to hide information when not being used in a technical context. We have heard about all things cyber […]

DeepSec 2012 Talk: The „WOW Effect“

Published on October 24, 2012 By lynx

If you have ever been in the position of analysing the remains of a compromised system, then you will probably know that a lot of forensic methods rely on data stored in file systems. Of course, you can always look at individual blocks, too; however, sooner or later you will need the logical structure of […]

DeepSec 2012 Workshop: Malware Forensics and Incident Response Education (MFIRE)

Published on September 24, 2012 By lynx

Malicious software is the major tool for attackers. It is used to deliver the payload so that compromised systems can be exploited and secured for executing further tasks by your adversaries. Getting to know this malicious software and finding traces of the breach is very important for dealing with a security event. Proper incident response […]