This is Rodel Mendrez's TypePad Profile.
Rodel Mendrez
Recent Activity
@David: I assumed that those repetitive strings were whitespaces when decoded and those would be 0x00s. The repetitive string was 21 bytes long. The pattern is more obvious when viewing in text mode because part of the repetitive string contains 0x0D,0x0A (line termination). So I took that 21-byte string starting with 0x0D,0x0A and XORed it against PK.BIN starting at the offset where I took my XOR key.
@jeremy.collake: Thank you for that advice.
Pwning a Spammer's Keylogger
Recently, while scrounging around our spam traps, I spotted this ordinary piece of malicious spam. It uses a very simple social engineering trick, speculating about Obama’s sexual orientation and a link to a supposed picture to prove it. There was nothing special about this spam but the link w...
@Matthias Brugger I actually did. If you read the blog and noticed the Wireshark screenshot, that is how I intercepted the FTP credentials. My objective of decoding the configuration file (PK.BIN) is to retrieve the PK admin panel password and other useful details such as the license name.
Rodel Mendrez is now following The Typepad Team
Mar 21, 2012
