businessmen with frosties

The Official Blog of Matthiew Morin :: A withani.net Production

A Brief Analysis of SCAN_389_07172013_319.exe


Introduction

I was able to snag this piece of malware from a user at work a few months back (yes, I know, it’s been a while).  It was delivered via email in the typical form of a zipped executable.  As with many companies, we utilize scanning-to-email and scanning-to-folder operations on our printers to reduce paper usage, so I wasn’t very surprised to see SCAN_389_07172013_319 as the email title.

Luckily, many of our users have taken my presentations and education sessions on email security fairly seriously and have gained a keen eye for suspicious emails that manage to land in their inbox. (See, user education does work!)

In the little spare time I have, I decided it would be worthwhile to do a little analysis of my own on this.  It never hurts to get your hands dirty with a little malware analysis every now and then, so let’s jump right into it!

Outlook Macro: Save Incoming Messages and Attachments to Hard Drive


Outlook archives (.PSTs) have been the bane of my existence during my years as a help desk tech.  Outlook was never originally designed to be a filing cabinet, yet people continue to use it as one (myself included).

This macro (code below) is designed to save incoming messages and any attachments into a specific folder structure on a hard drive, network drive or flash drive.  Currently the structure is set to “C:\email\companyDomain\Year\Month\yyyymmdd_emailsubject.pdf”; however, this can be changed easily in the save-location section of the code.


Facebook Stickers Denial of Service on iOS Devices


Facebook users on iOS devices, listen up:

If you’re like me, chances are your iPhone is a sort of lifeline; for me it’s my social media hub, my email hub and my 2 Factor Auth hub while I’m on the go.  I also like to have push notifications from certain apps (namely Twitter, Facebook, Messages, etc.) because I like to know what’s going on so I can better plan what my day is shaping up to be.

Enough of my iPhone habits; you may have noticed that Facebook just released a new update for the iOS app, version 6.0, with support for a new messaging feature called Stickers.  (Apparently smiley faces aren’t enough anymore.)


Hackers, Attackers and … Routers?


I must say I have been greatly neglecting my blog as of late, but it’s for a good cause!  Things have been busy in the world of Matt for the past month or so.  Luckily, I have a fairly decent amount of stuff in the pipeline to talk about as soon as finals are over.


Top 5 Reads of the Week: February 19, 2013


Top 5 Articles of the Week:


It’s #PebbleTime


10 months ago I made my first Kickstarter investment; of course, it just so happened to become the most successful Kickstarter project…ever.  That project was, of course, the Pebble.

After 10 long months of reading design updates, production updates and shipping updates, my Pebble finally showed up on my doorstep and frankly, I couldn’t be happier.


Live View: A New View on Forensic Imaging


A few semesters ago I was introduced to the Live View program during one of my digital forensics courses. Upon hearing about it, I was instantly intrigued. What more could you want during a forensic investigation than to be able to boot up a forensic image and control the environment that it is running in, all without altering the original evidence?

Live View does just that, and does it very well, mind you. As I learned more and more about the capabilities of Live View, I decided to base my final paper for the course around Live View and the forensic imaging process.

The paper gives a fairly high-level overview of the importance of forensic imaging and some of the techniques. In the later part of the paper I discuss the actual Live View program as well as comparable programs.

You can find the full paper here.

If you have any questions or comments, please do not hesitate to contact me at matt@withani.net.

Website: http://liveview.sourceforge.net/