Posts

Showing posts from 2017

Malware Analysis Part 1.1 : Basic Static Analysis

I've decided to improve my previous entry about Malware Analysis 1. I've learnt several tools and techniques that I obtained from ENISA training sheets and Sam Class. Thanks ENISA and SAM for the good stuff! So I just used a malicious sample from the Practical Malware Analysis Lab for this analysis.

-----------------------------------------------
Detecting and Unpacking Packers
-----------------------------------------------

This is a technique used by malware authors to obfuscate their code or evade AV detection.

First, upload the malware sample into PEiD: it indicates that the malware was packed with UPX. Then use ExeInfo PE for further verification. It confirms that the malware uses UPX; use the advanced scan by clicking the '>' button. Then unpack the malware using UPX and re-analyze the sample with PEiD. It now recognizes the sample as a Microsoft Visual C++ file.

---------------------------------------...

Log Analysis: Access Log Analysis Using Command Line

Happy New Year 2017!!! My first entry in January. Hopefully this will assist in web attack investigations.

First, we need to know the log format:

"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O"

%h Remote host, the IP address of the request.
%l Remote logname; this will never have a value as IdentityCheck is off, it’s just included for backwards compatibility.
%u Remote user if htauth is being used (may be bogus if return status (%s) is 401).
%t Time the request was received, in the format [day/month/year:hour:minute:second zone].
%r First line of the request.
%>s The final HTTP status code; see the full list of possible status codes in the HTTP 1.1 specification (RFC2616 section 10).
%b Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a ‘-’ rather than a 0 when no bytes are sent.
%{Referer} The “Referer” (sic) HTTP request header; this is provided by the client request so it may be bogus.
%{User-Agent} The Use...