Analysis and Reverse Engineering of a Banking Trojan Malware from the Zeus Family
1. Introduction and Objectives In this article, we will demonstrate how to conduct a reverse engineering analysis of a banking trojan from the Zeus family. For our study, we have been provided with a single binary file named “fichero.bin.” You can download it from the JMSec GitHub repository: To undertake a study of this nature, you will need some basic knowledge of reverse engineering. 2. Setting Up the Laboratory and Description of Materials Before starting the exercise, note that the analysis of the binary is conducted on the Windows 10 operating system. The following list enumerates the tools …
SPLUNK: The Ultimate SIEM for Control
1. Introduction and Objectives In this article, we will step into the shoes of a security analyst whose task is to detect intrusions by analyzing the log files generated by machines and network devices, looking for abnormal behavior. The goal is to respond to potential incidents, establish appropriate policies and detection rules, and verify that they are being followed. This role also includes the deployment of Security Information and Event Management (SIEM) systems. For this exercise, we will use the tool “Splunk Enterprise.” In the following sections, we will describe this tool and how it works, and briefly explore some use cases that can …
Analysis of Malware in Android
1. Introduction and Objectives In this article, we will analyze a well-known piece of malware targeting Android. Specifically, we will examine a “Meterpreter” payload generated with the “Msfvenom” tool from the Metasploit framework. For those unfamiliar with “Meterpreter,” it is a post-exploitation payload that gives the attacker an interactive command interface on the victim device, with a high degree of flexibility and reliability. In other words, it is malware that provides the attacker with complete control over the infected device, enabling command execution, webcam capture, microphone recording, and many other functions. We will define what a “Meterpreter session” is later on. I recommend reading the book …
Vulnerability Analysis in Android Applications (2)
1. Introduction and Objectives In this article, we will continue the analysis of Android applications. The objectives and the laboratory setup remain the same as in the first part. For more information about setting up the analysis laboratory, refer to the first part: “Vulnerability Analysis in Android Applications (1)“. In the following sections, we will conduct a brief analysis of “InsecureBankV2“. As the name suggests, it is a deliberately vulnerable banking app whose flaws we need to identify. As its official repository shows, this application contains a significant number of vulnerabilities. However, in this article, …
Vulnerability Analysis in Android Applications (1)
1. Introduction and Objectives According to the “OWASP Mobile Security Testing Guide,” the phases for conducting a pentest on a mobile application are as follows: In this article, we will learn the basics and methodology of manual static analysis of Android applications. We will not use automated vulnerability detection tools for this purpose. Instead, we will demonstrate the process on a specific example. 2. Setting Up the Analysis Environment The first step is to create and configure a secure and suitable analysis environment. The tools you will need to set up are as follows: By setting up this environment, you will have access …