{"id":740,"date":"2014-03-01T00:02:33","date_gmt":"2014-03-01T00:02:33","guid":{"rendered":"http:\/\/www.gironsec.com\/blog\/?p=740"},"modified":"2014-03-18T00:10:48","modified_gmt":"2014-03-18T00:10:48","slug":"friday-quicky","status":"publish","type":"post","link":"https:\/\/www.gironsec.com\/blog\/2014\/03\/friday-quicky\/","title":{"rendered":"Friday Quicky"},"content":{"rendered":"

Salutations!<\/p>\n

Just wanted to share a couple things. First off, I encountered some clever malware.
\n\"clever<\/a>
\nBy checking to see if an audio device is enabled (by adjusting the volume), the malware knows not to run if it can’t. Because honestly, who enables audio drivers on their VM? <\/p>\n

Other than that, I whipped up a little app in .NET to make use of bitwise operations on text. I’m sick of coding up little scripts in python or C to do essentially quick transformations.
\n\"xor\"<\/a>
\nNoted above is the standard McAfee BUP file which uses the XOR 0x6A (106 decimal) ‘encryption’. A lot of times, I’ll encounter malware placing encoded data through out the OS. This little app helps me decipher it quickly. Download it here: XOR_By<\/a>. The password is ‘lolwut’.<\/p>\n

That’s all I had for today.<\/p>\n

Happy Hacking!
\nEdited due to censorship<\/p>\n","protected":false},"excerpt":{"rendered":"

Salutations! Just wanted to share a couple things. First off, I encountered some clever malware. By checking to see if an audio device is enabled (by adjusting the volume), the malware knows not to run if it can’t. Because honestly, who enables audio drivers on their VM? Other than that, I whipped up a little […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,7],"tags":[48],"_links":{"self":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts\/740"}],"collection":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/comments?post=740"}],"version-history":[{"count":4,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts\/740\/revisions"}],"predecessor-version":[{"id":759,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts\/740\/revisions\/759"}],"wp:attachment":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/media?parent=740"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/categories?post=740"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/tags?post=740"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}