Laskowski-Tech

Category: wordpress

Deobfuscating PHP malware

Posted on January 3, 2019 by admin

So while I am not full time on web server investigations anymore, I still like to try and keep current and also maintain my scanner and signature projects. Just a few days ago a kind soul uploaded a malicious PHP file using

Posted in analysis, dfir, malware, web server, wordpress

Webserver Malware Investigations – Blazescan Tutorial

Posted on November 10, 2018 by admin

Originally published at Eforensics magazine: Today when you look at the market of malware you will find an overwhelming domination of malicious Windows software. So looking for security products you can find many that exist for Windows, and write up after write

Posted in dfir, monitoring, soc, web server, wordpress

Persistence by any other name…

Posted on August 23, 2018 by admin

So after investigating hundreds of compromised websites, you begin to get a feel for what malware is pretty garden variety, like if I see another WSO shell, color me extremely unsurprised. But every once in a while something novel shows up. This

Posted in analysis, malware, web server, wordpress

Post Defcon/Blackhat vulnerabilities revealed in Drupal and WordPress

Posted on August 22, 2018 (updated October 17, 2018) by admin

Well, with hacker summer camp now over, the research presented can now start to sink in and be digested. Two things stood out to me with my background in supporting websites and content management systems (CMS); those were vulnerabilities that affect the

Posted in analysis, web server, wordpress

WordPress Passwords and Haveibeenpwned.com

Posted on March 20, 2018 by admin

So I investigate a lot of compromised WordPress sites. Pretty much all of these investigations end in one of two places for a cause. Out of date software and/or plugin, or a password compromise. Unless you have been under a rock, you

Posted in web server, wordpress
