Getting rid of the Buma Stemra ransomware malware

Categories Malware

For about a week now a new Dutch version of a piece of ransomware has been active in the Netherlands. This malware claims to be from Buma Stemra, but of course has nothing to do with the real Buma Stemra. The malware takes over the system by replacing the start of explorer.exe with itself, so as soon as the system boots the malware is loaded instead of the normal Windows environment. The malware further disables editing the registry, accessing the task manager and getting access to the system in any other way. Once infected you cannot access your own system anymore; the only thing the system will do is show the screen below.


Repair a broken HP LaserJet printer by baking it

Categories Hardware, Mods

After my HP printer died just after its warranty period I searched for a way to revive it. When I reported it to HP they wanted to charge €350 to repair the printer, which is around the same amount a new printer would cost; besides that I would have had to ship the whole bulky printer to them. When searching the internet for an alternative you will find a lot of people with the same problem with this printer series, but not a lot of clear solutions.

This write-up describes a way to repair the HP LaserJet M1522 series printer. While the idea is not new, I wanted to create an easy-to-follow overview of repairing this printer instead of a bare “just bake the formatter board”. I hope this write-up will be handy for some of the people out there with the same problem. While it focuses on the HP LaserJet M1522 MFP printer, I would expect the same approach to work on other faulty hardware.


Samsung WB650 Video file Scalpel rule

Categories Code, Forensics

I recently ran into the issue that my new camera (Samsung WB650) somehow decided to erase all the data on my SD card. Since the SD card was filled with a lot of photos and video files, I decided to image the SD card and try to recover my files. The photo files were all JPEGs, so it was pretty easy to recover them using Scalpel. However, the video format this camera uses was not included in Scalpel, so those files weren’t recovered. To be able to recover the video files as well, I created a Scalpel rule for them myself.


Creating ACK-GET packets with scapy

Categories Code, CTF

During the recent Defcon 19 CTF pre-qualifications, one of the challenges involved connecting ‘quicker’ to a web server. While figuring out the solution to this challenge, one of the things I tried was to send the HTTP GET request already in the TCP handshake stage. Sadly this had nothing to do with the real solution: the real solution was to use SPDY to connect to the server, as explained by one of the other teams in a write-up here. However, it was a nice exercise to create packets with scapy again, and since I could not find a lot of information on the topic I decided to write this short write-up.


Swiss Cyber Storm write-up 2: CarGame Challenge 5

Categories CTF

This article is a write-up of the Swiss Cyber Storm CarGame Challenge 5 (March/April 2011). For more info on the Swiss Cyber Storm Conference please check my post about the conference here.

I only joined the CarGame in level 4 (my write-up for level 4 can be found here), which meant I could not qualify any more to play the CarGame challenge during the conference. However since the challenges seemed fun I did the last two CarGame challenges anyway. The number and title of this challenge were:

  • 7035 CarGame Challenge #5

I submitted my solution and it was accepted by the organisation, however I do not know if this was the solution the organisation expected and if any other participants have other solutions.


Swiss Cyber Storm write-up 1: CarGame Challenge 4

Categories CTF

This article is a write-up of the Swiss Cyber Storm CarGame Challenge 4 (February 2011). For more info on the Swiss Cyber Storm Conference please check my post about the conference here.

I only joined the CarGame in level 4, which meant I could not qualify any more to play the CarGame challenge during the conference. However since the challenges seemed fun I did the last two CarGame challenges anyway. The number and title of this challenge were:

  • 7031 Gain Windows Domain Admin Privileges

I submitted my solution and it was accepted by the organisation, however I do not know if this was the solution the organisation expected and if any other participants have other solutions.


Swiss Cyber Storm

Categories CTF

I recently attended the Swiss Cyber Storm 2011 conference, an ‘International IT security conference’ held in Rapperswil, Switzerland. The conference took place from 12 to 15 May 2011 and consisted of both Briefings and Wargames. The Cyber Storm Briefings were on Thursday and Friday (12-13 May 2011), with three tracks and a lot of interesting presentations. The Swiss Cyber Storm Wargames were on Saturday and Sunday (14-15 May 2011), with three leagues to play in. The challenges were tough, and the split into three different levels of difficulty made it fun for everyone. Overall the conference was very well organized (Swiss precision?).


Hiding your data in plain sight – USB hardware hiding

Categories Hardware, Mods

The PDF version of this article can be found here.

This article describes the possibility of hiding data in any kind of USB hardware. USB data carriers already come in various sizes and forms, which sometimes makes them hard to recognize; this approach makes that even harder. Any USB device could be a data carrier, so from a forensics point of view any USB device should be taken into account when investigating a computer. Likewise, from a company protection point of view, any USB device could be used to transport data out of the company.

The background to this article is that I originally developed the approach described in it around 2007, while I was still working for the company Fox-IT. I presented part of this paper during a presentation I gave at the ENFSC 2007 congress, but since then I never made the full research completely public. I recently decided to redo my research and work the idea out further. Since the information in this article is still current, I decided to share the knowledge by publishing it.


OUI (MAC address) lookup script

Categories Code

Every networking device has a MAC address, and in general these MAC addresses should be unique for each networking device (not taking spoofing into account for the moment). Each MAC address contains an OUI (Organizationally Unique Identifier), and each OUI in use should refer to the company that made the networking device.

MAC and OUI

While there are various places where you can look up OUIs, I couldn’t find an easy command line tool for this. So, to enable easier lookups of these OUIs, I wrote a small Perl script. The script is made to be used on a BackTrack 4 installation, but it should work on other systems as well.
