Malware Sample Format in MongoDB

    by  • December 30, 2010

    I finally got a chance to sit down and work on the format for a malicious sample that would then get inserted into MongoDB. I am not certain if this is exactly how the final format will be represented, but it does work for now in storing a lot of ...

    Using XMPP for Botnet C&C (Shmoocon Submission)

    by  • December 18, 2010

    My idea for Shmoocon didn't get accepted this time around so I figured I would post it up on the blog. I haven't done too much with it all, but I have some code for a working plugin if anyone is interested. The code itself does not do everything m...

    Looking for New Data Storage Methods

    by  • December 14, 2010

    Over the past few days I have been grabbing more and more characteristics from this malware and I have reached a problem. The data is quite dynamic on multiple levels which makes it hard to store in a standard database. What exactly do I mean? Wel...

    New CVE to the List of Malware

    by  • December 11, 2010

    Today I went through and ran the newly collected malware I found through a couple scanners. For the most part all the vulnerabilities exploited seemed to match with the existing samples I already had. There was a difference in a few files though i...

    PDFiD.py Output to JSON

    by  • December 10, 2010

    I want to store as much data as possible about this malware being collected, and I realized that a database would be the best idea in storing the data. One of the things I was playing around with in my head was taking these detailed PDFiD scans an...

    Call to Those Who Visit and the Weekend To-do List

    by  • December 9, 2010

    Breaking out of my normal postings for a moment, I wanted to ask some of the companies who have been visiting this blog to establish a line of contact with me. I can't be certain those from these companies are actually reading what I write, but if...