Why you can not always trust web server logs?

Sketching the situation Let’s suppose we do a server post-breach analysis and manage to state the following: external access is possible only through a web application, and the web server is running with the privileges of an unprivileged user, the application is out-of-date and contains publicly known RCE vulnerability (remote code execution), the access_log, error_log …

Automatic Analysis of Malicious Software Using of SysAnalyzer

Beginning SysAnalyzer is an application (or rather a set) that allows for quick analysis of malware by observing its activities in different stages of the system. Before starting the “malicious sample”, the software creates a snapshot of the current state of our environment, which after starting the malware, is the basis for determining changes in …

Quick malware analysis

Sometimes in an e-mail we receive something that catches our attention and causes the red lamp to flicker. This can be the sender’s address, a strange attachment or a link in the body of the message. Then we want to quickly and effectively find out what we are dealing with, especially if we suspect that …