Author: Ali Rodoplu

  • Find Malwares Using Sysmon in Linux

    I am planning to install Sysmon on the Ubuntu distribution. If you are going to do this on a different Linux distribution, you can follow the steps in the link below. https://github.com/Sysinternals/SysmonForLinux/blob/main/INSTALL.md So, let’s start installing Sysmon. 1. 2. 3. 4. If you receive the following error at this stage, try the next step. 5. […]

  • Malware Hunting using Procmon and Procexp

    In a virtual machine where I perform malware tests, I noticed that a conhost.exe process was constantly consuming around 50% of the CPU and allocating approximately 2.5 GB of space, even if it did not use the memory. The main task of Conhost.exe is to provide the appearance and functionality of the command line window. […]

  • CVE-2023-48795 Vulnerability and Performing Some Mitigation Steps

    CVE-2023-48795 is a vulnerability in the SSH transport protocol with certain OpenSSH extensions in OpenSSH versions prior to version 9.6 and some other products. This vulnerability could allow remote attackers to bypass integrity checks such that some packets are omitted, resulting in a connection between a client and server where some security features are downgraded or disabled. […]

  • Finding Malware by Performing Static Analysis with PeStudio

    PeStudio is an analysis tool with which we can get information about executables without running them. We can do static analysis of malware with PeStudio. Static analysis examines the contents and properties of a file, trying to gain information about what the file can do at run time. It is a type of analysis […]

  • What is and How to Install PrivateGPT?

    Private GPT is an artificial intelligence chat robot that you can feed with your own documents and run on your own computer without needing an internet connection. Private GPT runs LLM on your own computer’s resources and thus learns from the documents you feed it. Again, by using your system’s resources, you can answer questions […]

  • Find Malware using Process Explorer Tool

    Process Explorer is a Sysinternals tool, and like every Sysinternals tool, it can be used for operations such as system administration and troubleshooting. Process Explorer, which is our subject, can be thought of as an advanced version of Task Manager. Process Explorer, with its features, can provide us with more detailed information and telemetry data […]

  • Scammers’ New Fraud Method: Youtube Ads

    We are facing a new fraud method. Let’s discuss this issue in order to raise awareness among internet users. With this method, fraudsters aim to reach target audiences through YouTube ads. In their advertisements, they aim to attract attention and gain trust in order to deceive their targets by using their own dubbing on video […]

  • Find Malwares Using Sysmon

    Sysmon is a Sysinternals tool, and like every Sysinternals tool, it can be used for operations such as system administration and troubleshooting. Sysmon is generally used to collect logs that Windows does not record by default, in order to correct and improve the security posture. We can use a config file to select which events we […]

  • Heap Buffer Overflow in libwebp in Google Chrome – CVE-2023-4863

    Use what I’m about to say in this article only for the right purposes, such as raising security awareness and improving the security posture of your environments. I do not accept any responsibility for other uses. WebP is an open-source image format developed by Google. WebP enables higher quality images in smaller file sizes. The […]

  • Enum4Linux

    Use what I’m about to say in this article only for the right purposes, such as raising security awareness and improving the security posture of your environments. I do not accept any responsibility for other uses. Enum4Linux is a tool used to collect information from Windows and Samba systems. Some information that Enum4Linux can collect; […]