Bad Password Analysis: Consecutive Character Patterns

Introduction: Continuing from my Bad Malware Analysis, we now take a look at Bad Password Analysis. Mostly this is just for the fun of it, but we’ll see if we can learn anything along the way. In this Bad Malware Analysis post, we’ll look at consecutive character frequency. I’ve done analysis on two and three consecutive characters and compared it to a word frequency list generated from subtitle archives. Data: The passwords come from several leaks.

Random Algorithm Analysis

Introduction: After reading through “Silence on the Wire” by Michal Zalewski for the 8th time, I decided I wanted to try the random algorithm analysis he did in Chapter 10. He looked at the relationship between sequential numbers by graphing them in a 3D scatter plot. My idea was to see if any of the algorithms had been updated to make them more secure. There was a problem with that, however.

Bad Malware Analysis: Hash Letter Counts

Introduction: For this bad malware analysis, I thought I would continue the theme of counting letters … that way I could use most of my old code :) Today, I decided to hash each file using sha512. Hashing is supposed to be completely random, so this is almost a test of that as well. I used around 3000 malicious samples and 1800 benign, so let’s get started. Why Hash, Why sha512: Hashing binaries is done all the time to verify downloads, check for changes, provide signatures, provide low hanging fruit for malware signatures, and many more purposes.

Bad Malware Analysis: Character Count

Introduction: I’m thinking of doing a series on bad malware analysis. Hopefully it’ll be fun and at least a little informative. Today’s post consists of performing a string analysis on malware. Where most string analysis looks at the big picture, I thought I would take it a step further and look at individual characters. This approach is terrible, as you will soon see. Why Strings: If you’ve made it this far, I’m assuming you already have some basic knowledge of computers and maybe even looking at malware.

Fast Flux Botnet Overview

Introduction: In this post we will explore a brief overview of the fast-flux (FF) technique used by botnets. Here is my full paper with more detail regarding what a botnet is and how FF works. Botnet Overview: Botnets are a major threat to all those connected to the Internet. They are used for distributing spam, hosting malicious code, sending phishing attacks, and performing a variety of attacks, including denial of service (DoS).