Author: todd

Why I Prefer DuckDuckGo Search

I have been using DuckDuckGo full time for about two months now, and I would like to share my experience with you. Like other software professionals, I’m a heavy user of search engines and am on the computer all day Mon-Fri for work, in addition to several hours on weekends. I am not an employee…


Site review: Usbank.com

The last review was a financial magazine website. Let’s be honest, security matters far more to a bank than to a magazine site; and rightly so. So this time, we’re taking a look at https://usbank.com
Missing headers for main site response
X-Frame-Options
Missing Referrer-Policy
Missing Content-Security-Policy
HSTS flag present
HSTS header missing preload
HSTS header does not include subdomains
Missing…


Website Review: Forbes.com

In this post, we review the web security posture of forbes.com. Let’s first browse to the website and view the security headers returned on the main site as well as the trackers used.
HTTP/2.0 200 OK
cache-control: public, max-age=300
content-encoding: gzip
content-type: text/html; charset=utf-8
server: istio-envoy
x-envoy-upstream-service-time: 513
backend: dnsresolver
x-backend: simple-site-prod
x-yourttl: 300.000
accept-ranges:…
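The two site reviews above read a response head and list which security headers are absent and which HSTS directives are missing. The following is an added example for this index, not code from either review: a small checker that parses a raw response head and produces findings worded the same way. The sample response, the header list and the one-year max-age threshold (the minimum hstspreload.org accepts) are this example's own assumptions; the response is constructed and is not a real reply from usbank.com or forbes.com.

```python
"""Security-header review helper.

Added example for this index, not code from the reviewed posts. It takes a
raw HTTP response head (status line plus header lines) and produces the
kind of findings the usbank.com and forbes.com reviews list: missing
X-Frame-Options, Referrer-Policy and Content-Security-Policy, and an HSTS
header without includeSubDomains or preload. SAMPLE_RESPONSE is constructed
for this example; it is not a real response from either site.
"""
from typing import Dict, List

# (lower-cased header key, display name) for headers flagged when absent
EXPECTED_HEADERS = (
    ("x-frame-options", "X-Frame-Options"),
    ("referrer-policy", "Referrer-Policy"),
    ("content-security-policy", "Content-Security-Policy"),
)
ONE_YEAR = 31536000  # seconds; minimum HSTS max-age accepted by hstspreload.org


def parse_response_head(raw: str) -> Dict[str, str]:
    """Parse 'Name: value' lines after the status line, stopping at the blank
    line that ends the head. Header names are case-insensitive, so keys are
    lower-cased; a repeated header is joined with ', ' as RFC 9110 allows."""
    headers: Dict[str, str] = {}
    for line in raw.splitlines()[1:]:  # [0] is the status line
        if not line.strip():
            break
        if ":" not in line:
            continue  # tolerate junk; a strict parser would reject the response
        name, value = line.split(":", 1)
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers


def parse_hsts(value: str) -> Dict[str, object]:
    """Split a Strict-Transport-Security value into directives. Names are
    case-insensitive; max-age becomes an int, flag directives become True."""
    directives: Dict[str, object] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()
        directives[name] = int(val.strip().strip('"')) if name == "max-age" else True
    return directives


def review(raw: str) -> List[str]:
    """Return the findings, worded as in the site reviews."""
    headers = parse_response_head(raw)
    findings: List[str] = []
    for key, display in EXPECTED_HEADERS:
        if key not in headers:
            findings.append(f"Missing {display}")
    hsts_value = headers.get("strict-transport-security")
    if hsts_value is None:
        findings.append("Missing Strict-Transport-Security")
        return findings
    findings.append("HSTS flag present")
    hsts = parse_hsts(hsts_value)
    if "includesubdomains" not in hsts:
        findings.append("HSTS header does not include subdomains")
    if "preload" not in hsts:
        findings.append("HSTS header missing preload")
    if int(hsts.get("max-age", 0)) < ONE_YEAR:
        findings.append("HSTS max-age shorter than one year (not eligible for preload)")
    return findings


# Constructed response head, modelled on the shape shown in the forbes.com review.
SAMPLE_RESPONSE = """HTTP/2.0 200 OK
cache-control: public, max-age=300
content-type: text/html; charset=utf-8
strict-transport-security: max-age=63072000
server: istio-envoy

<html>...</html>
"""

if __name__ == "__main__":
    for finding in review(SAMPLE_RESPONSE):
        print(finding)
```

One caveat when reading the findings: a Content-Security-Policy with a frame-ancestors directive covers the same clickjacking case as X-Frame-Options in current browsers, so a site that sets CSP but not X-Frame-Options is not necessarily exposed; the checker reports absence, and the reviewer still has to judge the policy's content.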


Securing Your workstation

Many of us who work in the software security field even need to do a “security healthcheck” from time to time. For me, my data security also includes privacy. After all, if my data is being sent to every Tom, Dick, and Harry, then the chances that it gets into the wrong hands or hands with improper…


How to Become (and Remain) a Malware Researcher

I am writing this post as requested by Peerlyst. In this post, I will present my unique take on both becoming and remaining a Malware Researcher.
The Two Most Important Ingredients
My take is that there are two most important ingredients to becoming a malware researcher:
1. Obsessive Passion to learn “how things work” no…


Portable Executable File Corruption Preventing Malware From Running

Important Disclaimer – YOU MUST READ FIRST! Portions of this article contain source code from the Windows Research Kernel. This code is the intellectual property of Microsoft Corporation. I am using this code under special license in this post under these grounds of the license agreement: You may distribute snippets of this software in research…


MalwareAnalysisForums.com is now Live

I enjoy posting these blog posts, but I want to really give back to the community that I’ve enjoyed learning so much from and I didn’t see a specific, dedicated, discussion board for malware analysis and research. I decided to create one and it is at https://malwareanalysisforums.com . It is currently invite-only but feel free…


Todd’s GIANT Intro of Windows Malware Analysis Tools

Purpose of this page
This is a continuously updated page and it is never finished! I decided to go ahead and cover the tools I typically use for analyzing malware because although I’ve found lists elsewhere, I’ve found no real big collection with explanation and/or any type of discussion of these tools. It’s generally more…


Windows Special Folders: CSIDLs, KNOWNFOLDERID

Introduction
As we’ve seen many times before, malware authors are always trying to get at important system folders on victim systems. Some reasons for this are:
To locate and attack actual operating system files
To impersonate or spoof system files or create files with similar names in an attempt to circumvent detection. For example –…
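The post's two motives, reaching the real system folders and impersonating the files that live there, are exactly what an analyst checks when a path turns up in a sample. The following is an added example for this index, not code from the post: given a path observed during analysis, it names the special folder the file sits in (by CSIDL) and flags a genuine system-binary name in the wrong folder or a near-miss of one. The CSIDL values are the documented shlobj.h constants; the folder locations assume a default English install, and the system-binary list, the expected-folder rules and the digit-for-letter homoglyph table are this example's own simplifications.

```python
"""Special-folder and lookalike-filename check for paths seen in a sample.

Added example for this index, not code from the post. Given a path
observed during analysis (a dropped file, a persistence entry, a process
image), it answers two questions the post raises: which Windows special
folder the file sits in, and whether its name is a real system binary in
the wrong place or a near-miss of one. The CSIDL values are the documented
constants from shlobj.h; the folder locations assume a default English
install (a real tool would resolve them with SHGetFolderPath or
SHGetKnownFolderPath on the host), and the system-binary list and the
homoglyph table are this example's own, deliberately short.
"""
import re
from typing import Dict, List, Optional, Tuple

# CSIDL value -> (symbolic name, regex for its default location; user name wildcarded)
SPECIAL_FOLDERS: Dict[int, Tuple[str, str]] = {
    0x0007: ("CSIDL_STARTUP", r"c:\\users\\[^\\]+\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup"),
    0x001A: ("CSIDL_APPDATA", r"c:\\users\\[^\\]+\\appdata\\roaming"),
    0x001C: ("CSIDL_LOCAL_APPDATA", r"c:\\users\\[^\\]+\\appdata\\local"),
    0x0023: ("CSIDL_COMMON_APPDATA", r"c:\\programdata"),
    0x0024: ("CSIDL_WINDOWS", r"c:\\windows"),
    0x0025: ("CSIDL_SYSTEM", r"c:\\windows\\system32"),
    0x0026: ("CSIDL_PROGRAM_FILES", r"c:\\program files"),
    0x0029: ("CSIDL_SYSTEMX86", r"c:\\windows\\syswow64"),  # 32-bit system dir on 64-bit Windows
}

SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "rundll32.exe"}
# explorer.exe lives in %WINDIR%; for the others this example accepts System32 or SysWOW64
EXPECTED_FOLDER = {name: {0x0025, 0x0029} for name in SYSTEM_BINARIES}
EXPECTED_FOLDER["explorer.exe"] = {0x0024}

# digits commonly substituted for letters in lookalike names (example's own table)
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def special_folder(path: str) -> Optional[int]:
    """CSIDL of the most specific special folder containing path, or None."""
    directory = path.rsplit("\\", 1)[0].lower()
    best: Optional[int] = None
    best_len = -1
    for csidl, (_, pattern) in SPECIAL_FOLDERS.items():
        m = re.match(pattern + r"(?=\\|$)", directory)  # whole path component only
        if m and m.end() > best_len:
            best, best_len = csidl, m.end()
    return best


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent-character
    transposition at cost 1, so scvhost.exe is distance 1 from svchost.exe."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def assess(path: str) -> List[str]:
    """Flags for one observed path; rules are this example's own."""
    flags: List[str] = []
    folder = special_folder(path)
    name = path.rsplit("\\", 1)[-1].lower()
    if folder is not None:
        flags.append(f"in {SPECIAL_FOLDERS[folder][0]} (0x{folder:02X})")
    if name in SYSTEM_BINARIES:
        if folder not in EXPECTED_FOLDER[name]:
            flags.append(f"{name} outside its system folder (possible impersonation)")
        return flags
    normalized = name.translate(HOMOGLYPHS)
    for real in sorted(SYSTEM_BINARIES):
        if osa_distance(normalized, real) <= 1:  # svch0st.exe, scvhost.exe, svchosts.exe
            flags.append(f"{name} looks like {real} (lookalike name)")
    return flags


if __name__ == "__main__":
    for p in (r"C:\Windows\System32\svchost.exe",
              r"C:\Users\todd\AppData\Roaming\svchost.exe",
              r"C:\Users\todd\AppData\Roaming\svch0st.exe",
              r"D:\tools\scvhost.exe"):
        print(p, "->", assess(p) or ["nothing notable"])
```

The distance threshold of 1 after de-homoglyphing is deliberately tight; widening it to 2 catches more variants but starts matching unrelated short names, so tune it against your own allow-list of legitimate binaries before relying on it in triage.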


Python and Crypto

It’s no secret that malware authors, particularly of specialized, targeted malware and ransomware, use encryption to aid in hiding functionality of code, as well as data like email and server addresses, IPs, and much more. Due to this, it’s useful to learn about encryption. Python also happens to be the scripting language of choice these…
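The practical side of the point above is that once the routine and key have been identified in the disassembly, re-implementing them in Python gets the hidden strings out without running the sample. The following is an added example for this index, not code from the post: an RC4 implementation (a routine found in many loaders), a repeating-key XOR helper, and a regex pass that pulls URLs, e-mail addresses and IPs out of the decrypted data. The key, the plaintext configuration and its NUL-separated layout are constructed for this example and belong to no real sample; the encrypted blob is produced by encrypting that plaintext here, standing in for bytes carved from a binary.

```python
"""Decrypting strings a sample keeps encrypted.

Added example for this index, not code from the post. Once the algorithm
and key have been identified in the disassembly (RC4 and a short static
key are common in loaders), re-implementing the routine in Python lets you
decrypt the embedded configuration offline and pull out the e-mail
addresses, server addresses and IPs the post mentions. The key, the
plaintext config and the NUL-separated layout are constructed for this
example and belong to no real sample; the blob is produced here by
encrypting that plaintext, standing in for bytes carved from a binary.
"""
import re
from typing import List


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR with the generated keystream.
    The same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_with_key(key: bytes, data: bytes) -> bytes:
    """Repeating-key XOR, the other routine seen constantly in samples."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


INDICATOR_RE = re.compile(
    rb"https?://[\w.:/%-]+"                    # URL (first, so its host is not split off)
    rb"|[\w.+-]+@[\w-]+(?:\.[\w-]+)+"          # e-mail address
    rb"|(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?"  # IPv4 with optional port
)


def extract_indicators(plaintext: bytes) -> List[str]:
    """Pull URLs, e-mail addresses and IPs out of decrypted data."""
    return [m.decode("ascii", "replace") for m in INDICATOR_RE.findall(plaintext)]


def recover_config(blob: bytes, key: bytes) -> List[str]:
    """Decrypt the blob and split it the way the sample's own loader would."""
    plain = rc4(key, blob)
    return [s.decode("latin-1") for s in plain.split(b"\x00") if s]


# Constructed config: NUL-separated strings, as many loaders store them.
CONFIG_PLAINTEXT = b"http://203.0.113.10:8080/gate.php\x00ops@example.invalid\x00198.51.100.7\x00"
RC4_KEY = b"k3y-from-the-disassembly"           # hypothetical key, not from any sample
CONFIG_BLOB = rc4(RC4_KEY, CONFIG_PLAINTEXT)   # stands in for bytes carved from the binary

if __name__ == "__main__":
    # known-answer check from the published RC4 test vectors: key "Key", plaintext "Plaintext"
    assert rc4(b"Key", b"Plaintext").hex() == "bbf316e8d940af0ad3"
    for s in recover_config(CONFIG_BLOB, RC4_KEY):
        print(s)
    print(extract_indicators(rc4(RC4_KEY, CONFIG_BLOB)))
```

Always check a re-implemented cipher against a published test vector before trusting its output on a sample, as the script does for RC4: a keystream that is wrong by one swap still produces plausible-looking garbage, and the error is far easier to spot on "Plaintext" than on an unknown blob. Note too that this is string obfuscation; the file-encrypting side of ransomware uses real block and public-key ciphers, which the same re-implementation approach does not get you past.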