Posted in Informational, Simple Malware Analysis

Bazar Call Emails: More than a Scam

This week I learned about BazarCall / BazarLoader malware. I had never heard of this malware campaign. Even when it was explained to me I didn’t think that it would have a high success rate, but after doing more research it turns out to be really successful.

The whole cycle starts with an email, one that often talks about the end of a free subscription or being charged for a renewal or the like. This email might not have any links or attachments, but it will have a number for the recipient to call.

<sidebar: I’d always thought these types of emails had one purpose, and that was to scam recipients by getting them to call and then getting them to divulge credit card information or other personal information… my viewpoint was limited.>

When the recipient calls to cancel or dispute the perceived charges, they are directed by the ‘call center’ to a website, and this website downloads BazarLoader malware, which can be a carrier for other malicious code like Trojans or ransomware.

https://unit42.paloaltonetworks.com/bazarloader-malware/

So, I learned something new this week. I’m always amped when I learn something and I usually want to learn more about it. So, I’m doing more deep diving on BazarLoader and seeing if there are other similar campaigns.

This whole thing also reinforced thinking outside the box when it comes to attacks. Oftentimes, the simplest objective isn’t the true objective. Why hook a little phish when a marlin is out there, like encrypting and ransoming an entire enterprise?

Also, long story short, whether it’s a credit card scam or something more malicious like this: don’t call random numbers in emails.
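As an added example (not from this post or from the Unit 42 write-up), a small Python triage heuristic for the lure described above: it flags a message that combines billing or renewal language with a phone number while carrying none of the links or attachments that mail filters usually key on. Both sample emails and the phone number are constructed.

```python
import email
import re
from email import policy

# Constructed sample of a callback-phishing lure: billing pressure and a phone
# number, but no URL and no attachment.
SAMPLE_EMAIL = b"""From: billing@example-invalid.test
To: user@example-invalid.test
Subject: Your free trial has ended - renewal charge of $499.99
Content-Type: text/plain; charset=utf-8

Thank you for using our service. Your free trial period has expired and
your subscription will be renewed automatically for $499.99.
If you wish to cancel this charge, call our support line at 1-800-555-0199.
"""

# Constructed benign receipt for contrast: it links to a site instead.
BENIGN_EMAIL = b"""From: receipts@example-invalid.test
To: user@example-invalid.test
Subject: Your receipt
Content-Type: text/plain; charset=utf-8

Thanks for your order. View your receipt at https://shop.example-invalid.test/receipt/42
"""

# North American style numbers, with optional country code and separators.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)
BILLING_TERMS = ("free trial", "subscription", "renew", "charged", "charge", "invoice", "cancel")

def callback_phish_indicators(raw: bytes) -> dict:
    """Extract the signals the BazarCall-style lure relies on from a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    searchable = ((msg["subject"] or "") + "\n" + text).lower()
    return {
        "phone_numbers": PHONE_RE.findall(text),
        "has_url": bool(URL_RE.search(text)),
        "has_attachment": any(part.get_filename() for part in msg.iter_attachments()),
        "billing_terms": [term for term in BILLING_TERMS if term in searchable],
    }

def is_callback_phish_candidate(raw: bytes) -> bool:
    """True when the message looks like a 'call this number to cancel' lure."""
    ind = callback_phish_indicators(raw)
    # Phone number plus at least two billing terms, with no link or attachment
    # to carry the payload: the call itself is the delivery mechanism.
    return (bool(ind["phone_numbers"]) and not ind["has_url"]
            and not ind["has_attachment"] and len(ind["billing_terms"]) >= 2)
```

Run this over a mailbox export to surface messages that would sail past link- and attachment-based filters; a hit is a reason for a human to look, not a verdict.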

More readings on BazarCall:

Posted in Informational, Labs, Using, Walk-Throughs

Build A Lab With Me… (#0)

A Multipurpose, Multisystem Endeavor

This morning I sat in on a virtual Meet-up where the topic was Building a Lab. During the pandemic I had been slowly but surely ‘collecting’ computer equipment with the thought to build out several components into a multitasking lab environment. I know a lot of people are all for virtual environment labs, and I had one of those as well, but I also think that different devices should have different functions, and I like the idea of re-purposing old systems.

I’m working on this because in the past my virtual lab was tied to schoolwork or CTFs and mostly focused on lightweight pentesting, and I want to get more hands-on defensive measures in place. I also want to be able to pull in threat intelligence feeds and have a machine specifically for Python scripting and research.

An older version of the Meet-up I attended this morning

One of the things that stuck with me this morning, and is kind of a ‘duh’ moment, was to do an inventory. I also think I’m going to try to design and designate all the components I want/have before I start building out. That’s why this blog is #0: it’s my pre-planning. I’m going to take the next week to look at the systems I have and the objectives I want to learn, and then plan it out. Another piece to this will be the documentation; I want clear and concise documentation because in a real-world scenario this would be important.

Next week or the week after I’ll share examples of my inventory assessment and initial documentation. I also plan to have designated the use of each piece.

Posted in Using, What I've Used

The Road BACK to FreeCodeCamp

and why I’m even going back…

I’m a very big advocate of first using the free stuff. If there are free offerings when learning, by all means access them. When I first started to explore my interests in information technology I started with web page design. One of the biggest contributors to my learning was definitely FreeCodeCamp.

FreeCodeCamp assisted me in teaching myself HTML, CSS, and JavaScript. I also began to code Python with the community’s assistance. I did 100 Days of Code twice with some influence from their curriculum.

This is also where I first found out about BlackGirlsCode, but I digress…

Once my career in infosec and graduate school really started rolling I strayed away from FreeCodeCamp, though I still kept an eye on the community/site. I still advise people to check them out when they’re starting to learn coding, especially since their offerings have really grown.

So, now, years and two degrees later, I find myself back on FreeCodeCamp working through their Data curriculum, because data is fun. To be in infotech and infosec is to commit yourself to lifelong learning, discovering things that interest you, and maybe how those interests might inform your work. That’s really what made me stroll on back to FreeCodeCamp, because, like I said, use the free resources before you open your wallet so you can discern between what might be a mildly interesting topic and an avenue for a career pivot.

Posted in Burnout, Covid, Hiatus, Learning Woes

Burnout or When Burning the Candle at Both Ends goes Wrong…

https://www.pexels.com/@eye4Dtail

Burnout: Burnout is a state of emotional, mental, and often physical exhaustion brought on by prolonged or repeated stress. – Psychology Today

So, like I said in my last post, I accomplished a great deal last year, but I think overall it cost me a lot as well. I was able to pass Cloud+, PenTest+, CySA+, and Splunk Certified User. I also completed my Master’s degree. I competed in two National Cyber League CTFs and led one of my school’s teams each time. I also had to deal with the demands at work, which kind of intensified with co-workers coming and going.

By November I really just felt tired.

I basically didn’t want to do anything, at least career related, and in some ways not even big life stuff. So, because I know myself well enough, I took December 2021–January 2022 off. I still worked, but I wasn’t actively trying to, like, improve myself.

I didn’t want a little burnout to end up like:

https://www.pexels.com/@Adonyi-foto

Or Worse:

https://www.pexels.com/@Diego-Sanchez-44059283

I didn’t try to study for any new certs, didn’t try to find any challenging CTFs, didn’t take any more classes, nothing. I just sailed for a bit instead of striving and trying to compensate for starting later than others or being newer to the field. I stopped telling myself I didn’t belong in the conversation or at the table because I had just got here and needed to prove something, and I just relaxed.

It’s hard to just relax, and it’s super hard to silence the voices in your head telling you that you’re not as good, or even the voices outside that say the same, but it’s important that we don’t let them overwhelm us, and especially that we don’t let them talk over the voices of confidence.

Posted in Covid, Hiatus, Informational

The Condensed Version of Why I was MIA

It’s been a while. I kept trying to say that I would be back blogging, but there were so many compounding things.

Covid-19: I wanted to be one of those people who was super productive during Covid, not realizing how changes might affect mood. I’m an introvert by nature and it felt like ‘no big deal’… ’til it was. I oscillated between feeling like nothing was changing and I was stuck, and making a lot of headway last year. I made all this progress, but felt isolated… it’s not a good headspace to write from.

Changing Jobs: When I first went on radio silence I had just left a position, my first real infosec position, and there was a period of about three weeks where I technically had a job but wasn’t working. I did not know how panicky not having a steady income would make me (even with savings), but it was… when your money is funny you are not in a place to blog.

Contracting is for the Birds: This came later. There was a period where I transitioned from subcontracting to contracting, and that was stressful. There was poor communication and a back and forth on whether I needed to find a new job, so basically I was back to panicking and stressing about what comes next. It worked out, but it also made me realize I didn’t want to stay a contractor for much longer.

2021: I turned a corner in 2021; if anything, this was a great year because of all I accomplished. I racked up certs, worked, and felt in my niche. I mean, by the end of 2021 I felt like I had really made a little establishment in my new career. On my team my name was synonymous with great work and I knew it, but I was also burning myself out trying to prove that I belong (burnout is real, imposter syndrome is real, and I will discuss both in a later post). I was moving so much I couldn’t even think about slowing down to commit to blogging.

Now: Here we are.

  • I’ve got an awesome mentor
  • Have been motivated to think about branding (which is exciting)
  • I think about where I want to fit into and give back to the infosec community as a whole
  • I got to do a CTF that made me more secure in what type of infosec path I want to be on (more on this later)

All in all, I’m ready to commit to this again, but with caveats. This will only be a weekly blog; the calendar I wanted was too busy and hectic. This is manageable, and it’s good to set boundaries (even with yourself).

In the coming weeks I will also be changing the look of this blog. Thanks to anyone who is still reading this, and sorry that I left you in the lurch.