Scenario
The system had Full Disk Encryption (FDE) via McAfee SafeBoot and I had recently changed my Windows password but apparently fat fingered it from what I thought I had changed it to which left me unable to authenticate to Windows. The OS and SafeBoot were working properly and I...
Update 04/09/2013 - NoMoreXOR is now included in REMnux as of version 4.
Have you ever been faced with a file that was XOR‘ed with a 256 byte key? While it may not be the most common length for an XOR key, it’s still something that has popped up enough...
I recently had a discussion with another coworker regarding scenarios where you can try and determine if something malicious is or was on a system based on mutexes.
Mutexes
For those unfamiliar with what a mutex/mutant is, a definition:
Stands for Mutual Exclusion Object, a programming...
Continue reading »
Disclaimer - the intent of this post is for educational and research purposes only. Don’t be lame and use it to steal copyrighted material.
There’s been quite a bit of chatter lately with the recent discovery of the latest IE 0-day. While reading through one of the other researchers posts...
With the talk of the .4 release of cuckoo to be publicly released shortly I figured I should get this post out as some of the things I talk about here are said to be addressed and included in that release. If you don’t want to wait for that release...