Comments for Cyber Engineering Services http://www.cyberengineeringservices.com Website Thu, 07 Mar 2013 17:13:05 +0000 hourly 1 http://wordpress.org/?v=3.5.1 Comment on Categories by admin http://www.cyberengineeringservices.com/events/categories/#comment-235 admin Thu, 07 Mar 2013 17:13:05 +0000 http://cyber.i72dev.com/events/categories/#comment-235 Comment

]]> Comment on Trojan.Foxy-DES by admin http://www.cyberengineeringservices.com/trojan-foxy-des/#comment-233 admin Mon, 18 Feb 2013 03:38:41 +0000 http://www.cyberesi.com/?p=961#comment-233 It would be nice if we can get the code for this…..

]]> Comment on SHULMAN ROGERS by admin http://www.cyberengineeringservices.com/shulman-rogers/#comment-232 admin Sun, 10 Feb 2013 08:00:20 +0000 http://cyber.i72dev.com/?post_type=event&p=1080#comment-232 Comment testing

]]> Comment on Trojan.Foxy-DES by admin http://www.cyberengineeringservices.com/trojan-foxy-des/#comment-231 admin Wed, 06 Feb 2013 15:58:40 +0000 http://www.cyberesi.com/?p=961#comment-231 Comments*

]]> Comment on Poison Ivy by Anonymous http://www.cyberengineeringservices.com/poison-ivy/#comment-230 Anonymous Wed, 10 Oct 2012 00:47:39 +0000 http://www.cyberesi.com/?p=586#comment-230 There are various tools you can use to answer your questions. Personally I use the Sysinternals suite, specifically Procmon and Procexp. Procmon monitors filesystem and registry activity. Static analysis (Ida Pro), Dynamic analysis (Ollydbg, Windbg, Immunity), Procmon, or Wireshark can be used to find out who the recipient of the network beacon is.

]]> Comment on Trojan.Foxy by Trojan.Foxy-DES http://www.cyberengineeringservices.com/364/#comment-209 Trojan.Foxy-DES Fri, 21 Sep 2012 23:04:45 +0000 http://www.cyberesi.com/?p=364#comment-209 [...] actors continue to use this Trojan successfully. JMyers first described the behavior of this Trojan here. The version we will analyze today has an extended set of commands and obfuscates network traffic [...]

]]> Comment on Downloader.BMP by steve http://www.cyberengineeringservices.com/downloader-bmp/#comment-207 steve Tue, 11 Sep 2012 05:26:43 +0000 http://www.cyberesi.com/?p=749#comment-207 Excellent stuff guys (As always).

What is the easiest way to locate the custom alphabet?

Thanks

]]> Comment on Trojan.GTalk by Darel Griffin http://www.cyberengineeringservices.com/trojan-gtalk/#comment-206 Darel Griffin Mon, 10 Sep 2012 16:44:18 +0000 http://www.cyberesi.com/?p=639#comment-206 This is an excellent write up. I’ve been looking at this bot, and was researching the custom encryption used and came across your post. gj, wish I had posted mine first ;p

]]> Comment on Poison Ivy by Researchers: Java Zero-Day Leveraged Two Flaws | Secure Lagos http://www.cyberengineeringservices.com/poison-ivy/#comment-203 Researchers: Java Zero-Day Leveraged Two Flaws | Secure Lagos Thu, 30 Aug 2012 14:53:05 +0000 http://www.cyberesi.com/?p=586#comment-203 [...] that played a central role in the Nitro attacks of 2011, which according to Symantec and other security firms was a series of Chinese-based espionage attacks directed against at least 48 chemical and defense [...]

]]> Comment on Poison Ivy by Researchers: Java Zero-Day Leveraged Two Flaws | iCodeSource http://www.cyberengineeringservices.com/poison-ivy/#comment-202 Researchers: Java Zero-Day Leveraged Two Flaws | iCodeSource Thu, 30 Aug 2012 11:10:16 +0000 http://www.cyberesi.com/?p=586#comment-202 [...] that played a central role in the Nitro attacks of 2011, which according to Symantec and other security firms was a series of Chinese-based espionage attacks directed against at least 48 chemical and defense [...]

]]>