Showing posts tagged #malware analysis

Return Home

Cerber is a popular ransomware that it's still active. In this blogpost, we will analyze and dump Cerber's config using the Cuckoo Sandbox for it.

Prior analysis of Cerber already exist (like this one by Hasherezade).
As state by Hasherezade, Cerber stores it's configuration in an RCDATA resource bundled in

Read More

In this post I will analyze one on the ELF files captured on my honeypot. First, a dynamic analysis will be performed. Once we aknowledge it's behaviour we will move onto a more in-deep static analysis.

Let's start!

We are presented with a 32-bit ELF un-stripped executable.

$ file 05fd293845e7517bcfc6e8a7fa845ef101bf716c5ec6d40c74c6f7e8aed656bf 

Read More

Logging Cowrie logs to the ELK stack


This entry will cover the basics of setting up the Cowrie SSH honeypot and Filebeat to export Cowrie's logs to Elasticsearch, so we can use Kibana to visualize them in charts.


We will have 2 servers with private networking between them. One will host the ELK stack and the

Read More