Monthly Archives: September 2015

How to set up a BinaryPig Multi-Node Cluster

Based on my BinaryPig Single-Node cluster tutorial, I’ll now explain how to set up a Multi-Node cluster. It’s necessary that your Single-Node cluster is running properly. I changed the username to “hadoop” to avoid confusion, but you can keep the …

Posted in Malware Analysis

Flare-On 2015 #5

First we’ll check the PCAP to see what’s going on. We can see that there are a couple of HTTP packets, so let’s filter for http: We can see that the last 4 bytes of each packet must be …

Posted in Reverse Engineering

Flare-On 2015 #4

OK, let’s start the sample first: Well, 2 + 2 = 4, that’s right. Let’s have a look at the imports: That’s not very much. Maybe it’s packed? Let’s check it with ExeinfoPe: It seems to be packed with UPX. This …

Posted in Reverse Engineering

Flare-On 2015 #3

Starting the executable results in a very nice picture but no real hint to start with. We can see that the file size of that executable is unusually big. Anyway, we’re doing some basic stuff like strings and let’s …

Posted in Reverse Engineering

How to set up a BinaryPig Single-Node Cluster Part 2

As everything is installed right now, we’re now going to run some jobs with BinaryPig. I’m using the VirusShare_APT1_293.zip package for testing purposes. You can download different packages of malware on VirusShare. BinaryPig already comes with a couple of example jobs …

Posted in Malware Analysis

How to set up a BinaryPig Single-Node Cluster Part 1

BinaryPig is a framework for processing huge amounts of binary data. It’s built on Hadoop / Apache Pig and Elasticsearch and was presented at Black Hat USA 2013. For more details, see the slides here or the full presentation here. Unfortunately …

Posted in Malware Analysis

Flare-On 2015 #2

Here we go again with my solution for challenge 2.

Again there is a little bit of XOR’ing and a little bit of bit-shifting. The function that checks the password starts at address 401084 (see the screenshot). The loop …

Posted in Reverse Engineering

Flare-On 2015 #1

Here we go again for the annual FireEye Flare-On challenge. Unfortunately it started during my summer holidays, so I did not have enough time to complete the whole challenge (I guess I’m also not skilled enough, but anyway..). Although the solutions are …

Posted in Uncategorized