Krishnendu Paul
[NOTE] Changing Keyboard Layout on #Ubuntu 18.04 Permanently
I always used an en-US keyboard, as that is what I used to get in India. After shifting to Sweden, the main problem was adapting to the Swedish layout keyboard. But that happened swiftly. Then the issue was the keymap. If you are downloading a ready-made Virtual Machine image, it is always preloaded
Allowing #XLSM and #XLSB files? Stop it to save your Infra
I understand that a company may always have legacy systems running. But are you permitting XLSM and XLSB filetypes? #STOP it as fast as possible!! The following images are from a malware packer, possibly related to the latest #Zloader and other infections. Credit @DissectMalware [https://twitter.com/DissectMalware]. From the 2nd screenshot it
Update #Python modules #pip regularly #NotetoSelf
We update our Linux boxes almost regularly, so Debian/Ubuntu users like me run apt update && apt upgrade -y regularly. But we miss updating Python libraries regularly, which breaks a lot of Python modules or makes them outdated. Sharing 2 methods to do it easily with a one-liner.
#TA505: find the subdomain to download the #Dropper #Malware
So... if you have the main domain from #TA505 TTPs and want to download the dropper file from the actual subdomain, the following is the method. So, I found 2 TTPs today from Twitter, but the subdomains are not there. Without disturbing the poster, go to https://[DOMAIN]. It will show you a certificate error page.
#Yara Rule for #TA505 Latest Campaign
rule ta505_downloader
{
    meta:
        author = "Krishnendu Paul"
        description = "TA505 June 2020"

    strings:
        $meta_hex = "document.getElementById"
        $meta_app = "template.innerHTML"
        $meta_filetype = "iframeTemplate"
        $meta_b = "element.innerHTML"

    condition:
        all of ($meta_*) and filesize < 250000
}
Enable #WSL2 on #Windows10 #Note
Prerequisites:
1. Windows 10 version 2004 (if you are not on 2004 yet, use the Windows Update Assistant [https://www.microsoft.com/en-in/software-download/windows10])
2. The Intel Virtualization option should be enabled in the BIOS.
In Command Prompt, type:
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
dism.exe /online /enable-feature /featurename:
Easy #YARA Strings #Hunting for #Malware - The Lazy Man's Way
I am not your regular #BlueTeam #YARA #Guru who writes YARA rules for everything every day. But I was assigned a task where I needed to find a proper YARA rule for a specific class of new-gen malware where AV or SHA/MD5-based IOCs are not working. Even