Showing posts with the label hacker website

Analysis of portable executable files with PEFRAME

These days hackers are using numerous ways to get into our systems. One of them is sending us a malicious portable executable file, or making us download the malicious executable and run it on our system. We have seen one such Real World Hacking Scenario in the Hacker Computer School issue of Dec 2018. In that scenario we saw not only how hackers build malicious executable files, but also how they bypass antivirus and convince innocent users to click on those files. In this howto, we will learn how to perform analysis of portable executable files. Analysis helps us determine what the file was intended to do once clicked. There are two types of analysis: static analysis and dynamic analysis. In static analysis the sample is analyzed without executing it, whereas in dynamic analysis the sample is executed in a controlled environment. Static analysis is performed on the source code of the sample portable executable. There are various tools which help us…

RITA v1.1.1: Real Intelligence Threat Analytics

Real Intelligence Threat Analytics (RITA) is an open source framework for network traffic analysis. The framework ingests Bro logs, and currently supports the following analysis features:

- Beaconing Detection: Search for signs of beaconing behaviour in and out of your network
- DNS Tunneling Detection: Search for signs of DNS based covert channels
- Blacklist Checking: Query blacklists to search for suspicious domains and hosts
- URL Length Analysis: Search for lengthy URLs indicative of malware
- Scanning Detection: Search for signs of port scans in your network

Changelog v1.1.1 Changes:

- Make some commands periodically check for program updates #255
- Update Mongo version to 3.6 #248