Why you can not always trust web server logs?

Sketching the situation Let’s suppose we do a server post-breach analysis and manage to state the following: external access is possible only through a web application, and the web server is running with the privileges of an unprivileged user, the application is out-of-date and contains publicly known RCE vulnerability (remote code execution), the access_log, error_log …

Testing applications for Android: analysis and changing the way applications work by using the Frida framework

What is Frida? Frida, as the website of this project says, is a world-class dynamic instrumentation framework. To simplify: a framework that will allow us to inject our own code into a working process (it can be a process on Android, but it also supports iOS, Windows, Linux or macOS), and then to control this …

Automatic Analysis of Malicious Software Using of SysAnalyzer

Beginning SysAnalyzer is an application (or rather a set) that allows for quick analysis of malware by observing its activities in different stages of the system. Before starting the “malicious sample”, the software creates a snapshot of the current state of our environment, which after starting the malware, is the basis for determining changes in …

Quick malware analysis

Sometimes in an e-mail we receive something that catches our attention and causes the red lamp to flicker. This can be the sender’s address, a strange attachment or a link in the body of the message. Then we want to quickly and effectively find out what we are dealing with, especially if we suspect that …