The No More Ransom Project

No More Ransom is an international initiative that shows the value of public-private cooperation when taking serious action cybercrime. This collaboration goes beyond geographical borders. The main aim of the project is to share knowledge and educate users across the world on how to prevent ransomware attacks. We believe that it will eventually lead to support for repairing the damage caused to victims all around the globe. By restoring access to their systems, we empower users by showing them they can take action and avoid rewarding criminals with a ransom payment.

Source: The No More Ransom Project

SSH Server Auditing

SSH-Audit is a tool for SSH server auditing.

Features

  • SSH1 and SSH2 protocol server support;
  • Grab banner, recognize device or software and operating system, detect compression;
  • Gather key-exchange, host-key, encryption and message authentication code algorithms;
  • Output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
  • Output algorithm recommendations (append or remove based on recognized software version);
  • Output security information (related issues, assigned CVE list, etc);
    analyze SSH version compatibility based on algorithm information;
  • Historical information from OpenSSH, Dropbear SSH and libssh;
    no dependencies, compatible with Python 2.6+, Python 3.x and PyPy;

Source: SSH Server Auditing

Mindset

If you take two people, one of them is a learn-it-all and the other one is a know-it-all, the learn-it-all will always trump the know-it-all in the long run

– Satya Nadella on culture at Microsoft, inspired by Carol Dweck’s book, Mindset.

Inspecting a PDF File

I recently had to complete some work with inspecting a PDF file for malicious content. This was an interesting experience so I thought I’d share the approach I took to review the file from a sandboxed environment:

1. Start with using a service such as virustotal.com, scanii.com, metadefender.com to scan the file

2. Use Adobe Acrobat to browse the internal PDF structure. Launch the PreFlight Tool (Print Production > Preflight) and then under Options select Browse Internal PDF Structure.

3. Use an Adobe PDF meta data application to inspect the file. Here are some I used that were quite helpful:

peepdf.py – PeePDF is a Python based tool to explore PDF files

pdfid.py – PDFID is a Python based tool to scan the file looking for certain PDF keywords. For e.g., does the file contain JavaScript or execute an action when opened

pdf-parser.py – PDF-Parser is a Python based tool to parse a PDF document and identify the fundamental elements used in the file.

Additional Reading:

  1. Checking a PDF for exploits
  2. Viewing PDF objects
  3. PDF Tools from Didier Stevens
  4. Best tool tool for inspecting PDF files?
  5. PDF malware analysis

Additional Tools:

  1. GhostScript
  2. GSView
  3. PDF Validator Online Tool
  4. PDFMiner