This is not the first IoT heavy botnet, Mirai takes that title, the interesting part is the Hajime botnet appears to be benign. So far no malicious functions have been detected in the codebase, other than the ability to replicate itself and block other malware, Hajime seems to have no DDoS or offensive mechanisms. Hajime […]
Archives for April 2017
pemcracker – Tool For Cracking PEM Files
pemcracker is a tool for cracking PEM files that are encrypted and have a password. The purpose is to attempt to recover the password for encrypted PEM files while utilising all the CPU cores. Inspired by Robert Graham’s pemcrack, it still uses high-level OpenSSL calls in order to guess the password. As an optimisation, instead […]
BEURK – Linux Userland Preload Rootkit
BEURK is an userland preload rootkit for GNU/Linux, heavily focused around anti-debugging and anti-detection. Being a userland rootkit it gives limited privileges (whatever the user has basically) vs a superuser or root level rootkit. Features Hide attacker files and directories Realtime log cleanup (on utmp/wtmp) Anti process and login detection Bypass unhide, lsof, ps, ldd, […]
Shadow Brokers Release Dangerous NSA Hacking Tools
It’s not the first time Shadow Brokers has been on the radar with NSA Hacking Tools, in August 2016 they exposed a bunch of 0-day exploits (also from 2013). This cache of tools appears to be from 2013, so was probably snatched during the same intrusion. This is somewhat more dangerous though as it provides […]
yarAnalyzer – Yara Rule Analyzer and Statistics Generator
yarAnalyzer is a Python-based YARA rule analyzer that can also generate statistics from yara rulesets. It also has an inventory creation feature that can output a CSV file detailing the rules. It creates statistics on a YARA rule set and files in a sample directory. Place some signatures with .yar extension in the “signatures” folder […]