A vulnerability in the File__Analyze::Get_L8 function of the MediaInfo media file metadata reading library allows an attacker to cause a denial of service.
A vulnerability in the File__Analyze::Get_L8 function of the MediaInfo reading library involves reading data beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
Multiscanner - Modular File Scanning/Analysis Framework
MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools and aggregating the output. Tools can be custom-built Python scripts, web APIs, software running on another machine, etc. Tools are incorporated by...
Are students prepared for real-world cyber curveballs?
With a projected “skills gap” numbering in the millions for open cyber headcount, educating a diverse workforce is critical to corporate and national cyber defense moving forward. However, are today’s students getting the preparation they need to do the cybersecurity work of tomorrow? To help...
Rifiuti2 - Windows Recycle Bin Analyser
Rifiuti2 is a tool for analyzing the Windows Recycle Bin INFO2 file. Analysis of the Windows Recycle Bin is usually carried out during Windows computer forensics. Rifiuti2 can extract the file deletion time, the original path and size of deleted files, and whether the trashed files have been permanently removed. For...
Information Disclosure in WildFire Appliance (WF-500)
Palo Alto Networks has determined that the WildFire Appliance WF-500 is affected by the vulnerability disclosure known as LazyFP and has completed an update to address these issues. The WildFire Appliance WF-500 software update is now available to customers that use the WildFire Appliance WF-500...
UBUNTU-CVE-2019-11373
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash...
Pftriage - Python Tool And Library To Help Analyze Files During Malware Triage And Analysis
pftriage is a tool to help analyze files during malware triage. It allows an analyst to quickly view and extract properties of a file to help during the triage process. The tool also has an analyze function which can detect common malicious indicators used by malware. Dependencies pefile filemagi...
Fnord - Pattern Extractor For Obfuscated Code
Fnord is a pattern extractor for obfuscated code. Description: Fnord has two main functions: 1. extract byte sequences and create some statistics; 2. use these statistics, combining length, number of occurrences, similarity and keywords, to create a YARA rule. 1. Statistics: Fnord processes the file with...
A vulnerability in the 3core.dll library of the GUIcon temperature control software arises from a type mismatch in the data types used. This allows an attacker to execute arbitrary code.
A vulnerability in the 3core.dll library of the GUIcon temperature control software is due to a type mismatch in the data types used. Exploiting this vulnerability allows an attacker to execute code while a GD1 file is being parsed...
Partner Perspectives: Notes from the Field: Extending Carbon Black Visibility to Undetected Malware
Daniel LaVoie is a Senior Solutions Specialist at ReversingLabs. On a recent customer visit, I asked the company’s Director of Security Operations how ReversingLabs came to be deployed as a part of their SOC tool set. The answer was quite interesting, and one that I wanted to share with our blog...
Munin - Online Hash Checker For Virustotal And Other Services
Munin is an online hash checker utility that retrieves valuable information from various online sources. The current version of Munin queries the following services: VirusTotal, Malshare, HybridAnalysis. Note: Munin is based on the script "VT-Checker", which has been maintained in the LOKI repository...
MalScan - A Simple PE File Heuristics Scanner
MalScan is a simple PE file heuristics scanner written in Python that you can use to quickly analyze a PE file and find out whether anything suspicious exists. It is a simple tool, so it doesn't offer many fancy features. You are free to extend it or do whatever you want with it. Things supported...
Encryption 101: decryption tool code walkthrough
We have reached the final installment of our Encryption 101 series. In the prior post, we walked through, in detail, the thought process while looking at the Princess Locker ransomware. We talked about the specific ways to narrow down the analysis toward the encryption portions, the weaknesses in...
App Layering/Unidesk: Desktops Blue-screen with "IRQL_NOT_LESS_OR_EQUAL" STOP 0x0000000A
The desktop will appear to become unresponsive to the end user, but if you look at the VM console, you will see that it is actually blue-screening with STOP 0xA. Analysis of the dump file will point to unirsd.sys...
Retargetable Machine-Code Decompiler: RetDec
RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format. Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code. Supported architectures: 32...
Distributed File Analysis Framework: Assemblyline
Assemblyline is a scalable distributed file analysis framework. It is designed to process millions of files per day but can also be installed on a single box. Canada’s electronic spy agency says it is taking the “unprecedented step” of releasing one of its own cyber defence tools to the public, ...
Malware Triage Tool: pftriage
pftriage is a tool to help analyze files during malware triage. It allows an analyst to quickly view and extract properties of a file to help during the triage process. The tool also has an analyze function which can detect common malicious indicators used by malware. Dependencies pefile filemagi...
Carbon Blacking your sensitive data: it’s what the agents normally do
But usually without such consequences. In this situation with Carbon Black, I am most interested in the actual reasons for all this media noise: at what point business as usual becomes a scandal. OK, when you see a Carbon Black customer's private files in public access at VirusTotal, it's 100%...
Visual Studio Security Extension: Puma Scan
Visual Studio Security Extension. Puma Scan is the leading software security Visual Studio analyzer extension. Built on top of Roslyn, the open-source .NET Compiler Platform, Puma Scan provides real-time, continuous source code analysis as development teams write code. Vulnerabilities are...
Digital Forensics Platform: Autopsy
Digital Forensics Platform. Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from...