Decrypting MalwareBytes Quarantine Files with Python

MalwareBytes renames malicious files found during a scan to a GUID (e.g. 403dab27-42d6-40e4-8a8b-f4eb4a3ffe82) with a .quar extension. These files are encrypted with RC4 under a 68-character key.
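The decryption itself is a plain RC4 pass over the file. The script below is an added example written for this page, not Malwarebytes' code and not the script from the original post: it assumes the whole .quar body is the RC4 ciphertext (no header to skip) and that the caller supplies the product's 68-character key. DEMO_KEY is a placeholder of the right length, not the real key, and looks_like_pe is a hypothetical helper that only checks for the 'MZ' DOS header so a wrong key is noticed immediately.

```python
"""RC4 decryption of a Malwarebytes .quar quarantine file.

Added example for this page, not Malwarebytes' own code. Assumes the whole
.quar file body is RC4 ciphertext and that the caller supplies the product's
68-character key; DEMO_KEY below is a placeholder of that length.
"""
import sys
from pathlib import Path

# Placeholder key (assumption): 68 bytes so the KSA sees a realistic length.
DEMO_KEY = b"0123456789" * 6 + b"01234567"


def rc4(key: bytes, data: bytes) -> bytes:
    """Apply the RC4 keystream to data. RC4 is symmetric, so the same
    function both encrypts and decrypts."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    # Key-scheduling algorithm (KSA): permute S under the key.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm (PRGA): XOR each byte with a keystream byte.
    out = bytearray(len(data))
    i = j = 0
    for n, byte in enumerate(data):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out[n] = byte ^ s[(s[i] + s[j]) & 0xFF]
    return bytes(out)


def looks_like_pe(data: bytes) -> bool:
    """Hypothetical plausibility check on the recovered bytes: a Windows
    executable starts with the 'MZ' DOS header. A wrong key yields
    random-looking bytes that practically never pass this."""
    return data[:2] == b"MZ"


def decrypt_quar(quar_path: Path, out_path: Path, key: bytes = DEMO_KEY) -> bytes:
    """Decrypt one .quar file to out_path and return the plaintext.
    Write to a neutral extension such as .bin so the recovered sample
    cannot be launched by a stray double-click."""
    plain = rc4(key, quar_path.read_bytes())
    out_path.write_bytes(plain)
    return plain


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} <file.quar> <output.bin>")
    src, dst = Path(sys.argv[1]), Path(sys.argv[2])
    recovered = decrypt_quar(src, dst)
    print(f"wrote {len(recovered)} bytes to {dst}; PE header present: {looks_like_pe(recovered)}")
```

Run it inside an isolated analysis VM: the output is the original malware, so keep it on a non-executable extension and off any share that endpoint protection on another host will rescan.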

WinExe Forensics

WinExe is a utility that lets a Linux host execute commands remotely on a Windows machine; its functionality is very similar to PsExec.

CARP Conflict with VRRP

We run two pfSense firewalls in a CARP failover pair as the perimeter for a Hyper-V cluster. This past weekend at 3am, the firewalls started experiencing heavy packet loss to the upstream gateway.

Getting Started with the Proxmark3 Easy

It took me several hours to get the Proxmark3 Easy up and running the first time. I had no idea what I was doing and couldn’t find much information specific to the Proxmark3 Easy.

Breaking Hardened MIFARE with Proxmark3

The traditional attacks on MIFARE Classic cards rely on the card's weak pseudorandom number generator (PRNG). The two most common attacks with the Proxmark3 are the darkside attack (hf mf mifare) and the nested attack (hf mf nested). Neither works on modern MIFARE cards, which ship with a hardened PRNG.
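What "weak PRNG" means in practice is worth seeing in code. The following is an added example for this page, not Proxmark3 or NXP code: it models the MIFARE Classic nonce generator as the published 16-bit LFSR (feedback polynomial x^16 + x^14 + x^13 + x^11 + 1) whose 32-bit nonce is the current state followed by the next 16 output bits. The bit ordering inside the nonce is this example's own convention and may differ from the card's wire order; the functions (lfsr_step, nonce_from_state, nonce_distance and so on) are assumed names, not Proxmark3 client commands. The point it shows is the one the nested attack depends on: only 65535 nonces exist, any one of them reveals the generator state, and the distance between two nonces can be counted; a nonce from a hardened card is not on that sequence, so the distance computation has nothing to work with.

```python
"""Why the darkside and nested attacks need a weak card PRNG.

Added example for this page, not Proxmark3 or NXP code. Models the MIFARE
Classic nonce generator as the published 16-bit LFSR; nonce bit ordering
is this example's convention, not necessarily the card's wire order.
"""
from typing import Optional


def lfsr_step(state: int) -> int:
    """One clock of the 16-bit Fibonacci LFSR with taps 16, 14, 13, 11."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return ((state >> 1) | (bit << 15)) & 0xFFFF


def nonce_from_state(state: int) -> int:
    """Build the 32-bit nonce from the next 32 output bits (first bit = MSB).
    Bit 0 is the bit shifted out each clock, so the top 16 nonce bits are
    just the LFSR state: 16 bits of entropy inside a 32-bit nonce."""
    nonce, s = 0, state & 0xFFFF
    for _ in range(32):
        nonce = (nonce << 1) | (s & 1)
        s = lfsr_step(s)
    return nonce


def state_from_nonce(nonce: int) -> int:
    """Recover the LFSR state from the top 16 nonce bits (emitted LSB first)."""
    top, state = nonce >> 16, 0
    for i in range(16):
        state |= ((top >> (15 - i)) & 1) << i
    return state


def is_weak_prng_nonce(nonce: int) -> bool:
    """True if the low 16 bits are the LFSR continuation of the high 16.
    A nonce from a hardened (true-random) card fails this almost always."""
    state = state_from_nonce(nonce)
    return state != 0 and nonce_from_state(state) == nonce


def nonce_successor(nonce: int, clocks: int) -> int:
    """Predict the nonce a weak card will emit `clocks` LFSR ticks later."""
    s = state_from_nonce(nonce)
    for _ in range(clocks):
        s = lfsr_step(s)
    return nonce_from_state(s)


def nonce_distance(n1: int, n2: int) -> Optional[int]:
    """Number of clocks from n1 to n2: the quantity the nested attack uses to
    line up a nested authentication with a predicted nonce. None when n2 is
    not on the LFSR sequence, i.e. the card's PRNG is not this weak."""
    s, target = state_from_nonce(n1), state_from_nonce(n2)
    for d in range(0x10000):
        if s == target:
            return d if nonce_from_state(s) == n2 else None
        s = lfsr_step(s)
    return None


def lfsr_period(seed: int = 0xACE1) -> int:
    """Cycle length of the generator: every non-zero seed returns after
    65535 clocks, so a weak card has only 65535 possible nonces."""
    s, n = lfsr_step(seed), 1
    while s != seed:
        s, n = lfsr_step(s), n + 1
    return n


if __name__ == "__main__":
    first = nonce_from_state(0xACE1)
    later = nonce_successor(first, 37)
    print(f"weak card: {first:08x} -> {later:08x}, distance {nonce_distance(first, later)}")
    # Constructed hardened-card nonce: plausible high half, low half not the LFSR continuation.
    hardened = 0xACE10000
    print(f"hardened card: {hardened:08x} weak-PRNG? {is_weak_prng_nonce(hardened)}, "
          f"distance from first: {nonce_distance(first, hardened)}")
    print(f"nonce space of the weak PRNG: {lfsr_period()} values")
```

is_weak_prng_nonce doubles as a quick triage step: collect a handful of nonces from an unknown card, and if none of them pass the continuation check, the darkside and nested attacks are not going to get anywhere regardless of how many traces you capture.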