Posts

Malware Analysis: A Python Malware on campus 1

So a few weeks back, after a class I'd taken with them, a number of my students told me of a particular malware that was affecting students' computers, in particular computers running Windows OS. According to them, if you tried to open a folder that was residing on the USB stick with the malware, the malware would delete some of your files and convert folders into executable files. Granted, the likelihood of a random folder miraculously transforming into a single executable file was kinda "out there", but I figured I'd check it out and use that as a teaching moment for those interested in venturing into malware analysis. So I tasked them to bring me a sample of the malware so I could take a look at it and maybe figure it out. I advised one of them to download DumpIt and then extract the memory dump from an infected computer using a clean flash disk and then bring it to me. How do you do this exactly? Here's how: download DumpIt. It's a portable
Recent posts

Demystifying the Rapid7 2017 National Exposure Report for Zimbabweans

So now everyone knows Zimbabwe is currently holding the number one spot in the global rankings of countries that are the most vulnerable to attacks on the Internet, but what does that mean exactly? The point of this article is to shed light on what this means from a layman’s perspective and why that report was effectively a clarion call to all, expert and inexperienced hackers, security researchers and script kiddies across the globe that the public IP addresses of Zimbabwe are the place to test your hacking skills and tools. Hopefully, at the end of this piece the private and the public sector will realize there is a need to come up with a way to join forces and resolve this crisis we are facing. As a matter of fact, it is very possible for us as a nation to get out of this dire situation we are in, take Belgium for example. In 2016, Belgium was the number one most vulnerable country on the internet but they successfully managed to not only get themselves out of the top 10 in th

The new Curriculum and its impact on cybersecurity in Zimbabwe: Should we be worried?

There has been a great deal of uproar from many corners in our local society regarding the structure of the new Primary and Secondary school curriculum, but in this article I will not delve into my support for one side or the other as a whole. What I would like to focus on, though, is the Computer Science subject (which I believe is very impressive, to say the least) and how it ties into the bigger picture that is cyber security. This is with respect to the growth of what are known as threat actors in cyber security and the need for everyone to take their personal and organizational security seriously. By definition, a threat actor is basically any individual who may possibly cause harm to you or your organization, be it physically or, in our case, digitally. You see, contrary to popular belief, or maybe I should refer to it as "media-based" belief, the people who can compromise your digital security are not only just teenage hackers on the other side of the world who stay in

It is not too late to start taking BYOD security seriously

A number of studies have shown that the benefits that come along with a Bring Your Own Device (BYOD) policy are multiple when it comes to improving the efficiency of employees. On the basis of these studies, many organizations across the globe proceeded to implement this policy, but not all of them managed to carefully consider the impact such a policy would have on the cybersecurity of the organization itself. With BYOD, you basically allow employees to bring their own devices (such as laptops) to work and connect to the company's internal network so they can access organizational resources. It also tends to allow said employees to take the devices home and, in some cases, get remote access tools installed on the personal devices to allow them to connect to the same internal organizational resources while they are not on site. As you can imagine, the benefits are quite numerous, but as cybersecurity experts, what we naturally tend to look for are weak spots in such policies and how h

Predicting the Future From the Wannacry Ransomware

Okay, so this article isn't going to focus much on the WannaCry Ransomware that's wreaking havoc across the globe at the moment. It'll be more focused on trying to highlight potential cyber-security related events linked to the root of this particular deadly malware, the Equation Group. So, a little bit of backstory: the first time I ever came across the name Equation Group was some years back when I was doing research for my Master's degree on malware development, and an article was making the rounds about how they had developed a way to exploit the firmware of a hard drive! That exploit truly was a thing of beauty. Of course, they were said to be linked to the US's NSA, but that link is not exactly what this article is about either. Moving on, I ended up keeping an eye out for any discoveries or articles to do with exploits related to the Equation Group. But then 2016 came and the world of infosec got even more exciting. A group known as Shadowbrokers apparently hacked the E

Wannacry Ransomware: What It Is and Why Everyone is Worried

So the most popular question I got asked by people in the past week was "what on earth is Ransomware?" So let me put it this way: imagine you wake up in the morning and you turn on the data on your phone so you can see the WhatsApp messages that came in while you were asleep. You are then greeted by a screen on your phone with a message written across the whole screen saying, "Your phone has been encrypted. To regain access to it, send 10 BTC to Bitcoin account XYZ". You are puzzled because not only have you never seen this message before, but you don't even know what "encrypted" means or what BTC or a Bitcoin is. Now you, assuming this is a typical "gadget" error, restart the phone (like you would any PC) and the same message pops up again. You think of Googling the problem on your phone, but then you can't access the Google app. Then realization slowly sets in that you can no longer access your WhatsApp, your contacts list, your music or even the Date/Time app itself! That is basic

How I Recovered my Corrupted 2TB Hard Drive without having to copy everything to another Drive

So, a little back story. I have a 2 Terabyte external hard drive that's split into 3 partitions for backup: one for entertainment, one for work and one for personal projects. A friend of mine had a Lenovo laptop that was having challenges with installing WLAN drivers (you'd install the drivers and they'd keep giving an error that the drivers aren't working; if you tried to uninstall them, they'd just reappear... but that's a whole different story). Anyway, my friend decided to roll back from Windows 10 to Windows 8 and wanted to copy one of the test builds from my 2TB HDD, so I lent it to him. Little did I know that that Lenovo laptop had other plans for me. Upon connecting the external hard drive to the Lenovo laptop, it immediately read it as a FAT32 formatted drive (it was actually NTFS formatted) and had 1.82 TB free space of the "actual" size 1.82 TB. Where panic would have ensued for many, I managed to keep in the growing irritation at such a thing