RedKit Java exploit – under the hood

Here I put some technical details about RedKit Java exploit. I will use real sample of captured network traffic. The analysis was done using the following tools: CuckooBox 0.6, Java Decompiler GUI, Wireshark. Don’t follow any URLs in this post! They may still contain the malware. OK, now step 1: a victim visits an infected … Read more

ESM ArcSight plugins – how to

Introduction I attended many sessions at the “HP Protect 2012” conference last September and one of them – the “Plug it in!” by Doron Keller (HP/ArcSight) was very interesting for me. As a former software developer, I always like any possibilities of enriching features of an existing product by writing few lines of code. Furthermore … Read more

BitCoin malware

Last weekend a friend of mine told me about some issue with her new laptop: suddenly IE’s home page was set to Desjardins ( Well, nothing wrong, it is a legitimate web site except one thing that she was not able to change it! I agreed to take a look and asked to run the … Read more