Deobfuscating malware by hand

Somehow, I became a proud new owner of a piece of (somewhat) malicious code tonight. Once I had made sure it was properly neutered, and after running it through VirusTotal and being surprised by how few (9/55) engines were detecting it, I decided to take a look.

    Sub HCYh58Llju(ByRef iKvmUvcYr3wp, ByVal Q3REKGitD, ByVal kwoeg8c)
        iKvmUvcYr3wp = Split(Q3REKGitD, kwoeg8c)
    End Sub

…

Building Ansible 2.0 RPM on Fedora 23

I want to use some of the new extras modules (especially virt_net and virt_pool), so here are my notes on building the Ansible 2.0 RPM for Fedora 23.

    sudo dnf install asciidoc rpm-build python-devel
    git clone git://github.com/ansible/ansible.git --recursive
    cd ansible/
    make rpm
    sudo dnf -y install ./rpm-build/ansible-2.*.noarch.rpm
    ansible --version

One note -- it is possible I already …

Resizing an LVM PV + LUKS volume on a live Fedora 23 system

I just installed Fedora 23 on a new laptop, happily clicking my way through the GUI installer. The installer very nicely partitioned my disks into a small boot partition and a larger LUKS-encrypted volume, created an LVM PV from that LUKS-encrypted volume, then carved out several LVs for /, /home, etc. Everything is up and …

How to determine if your Red Hat Enterprise Linux 7 system is vulnerable to a specific CVE

Let's say we are looking to determine if our system is vulnerable to Heartbleed or LogJam.

    # ls /usr/lib64/libssl.so.*
    /usr/lib64/libssl.so.10  /usr/lib64/libssl.so.1.0.1e
    # yum info openssl
    Installed Packages
    Name        : openssl
    Arch        : x86_64
    Epoch       : 1
    Version     : 1.0.1e
    Release     : 42.el7_1.9
    Size        : 1.5 M
    Repo        : installed
    From repo   : rhel-7-server-rpms
    Summary     : Utilities …