Forensic Blogs

An aggregator for digital forensics blogs

by

The Vermont Privacy Project

As the internet ties in more and more with our daily lives, internet privacy has become a big concern. The Vermont Privacy Breach project at the Leahy Center is a team of students working with a Champlain student supervisor and a Leahy Center Fellow Judy Boyd to try and tackle this growing issue. Our goal is to reduce the number of privacy incidents on residents of the State of Vermont. We plan to accomplish this by providing simple resources. Small businesses, local governments, and nonprofits can then use these to make themselves more secure. 

What We Have Accomplished?

Over the course of the semester, the team has been hard at work researching privacy breaches and other data. The plan is to use this data to create simple presentations that can be given to businesses and people alike. Our team extensively researched what a data privacy breach is, who it affects, and how to prevent them. We all put our research into a shared Google Drive folder and refined the scope of the project. We focused on teaching and presenting to others what privacy breaches were and how to prevent them. Phase One of this project encompassed common risks, the impact of breaches on individuals and organizations, and measures to prevent or mitigate risk. At this point, we are currently in the process of creating an initial presentation outlining Phase One of this project.

What is a Data Breach? A laptop with a skull and crossbones over it

A data breach is any unauthorized access into a business, state agency, or individual’s digital systems. These attacks can come in a large variety of ways, and each come with their own challenges. For example, phishing attacks will look like messages sent from a company but trick you into putting in your info so the attacker can use it themselves. Ransomware and malware are other forms of attacks. These are programs that are downloaded onto the machine that can read files, edit them, or even lock out the entire computer. Then there are attacks that try to overload your connection to the internet, called DDoS attacks, which flood your connection with junk information. 

These are all incredibly dangerous and serious issues for anybody with a computer, and as technology advances, we’re finding those computers in everyday objects. If you have any sort of wireless surveillance in your home, that could become a risk. But, by limiting who has access to your devices and watching what you download, you bring that risk down considerably. The steps to better computer safety are simple, anybody can do them, it’s just a matter of spreading that information. Therefore, we’re excited to have the opportunity to work on that goal and help those in our community and elsewhere.

What’s Next?

The next steps of our project are to finalize and practice our Phase One Presentation and prepare for our first presentation. We are really looking forward to collaborating with the Burlington Sunrise Rotary Club. It’s exciting to see the progress we have made with this project and we hope to see a glimpse of what may come next. For Phase Two of this project, we will be looking at privacy risks related to Local Government agencies, non-profits, and small businesses. For example, we’re interested in how we can bring this to more people.

Stay up to date with the Leahy Center by following us on LinkedIn, Twitter, Instagram, and Facebook!

The post The Vermont Privacy Project appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

by

Update: oledump.py Version 0.0.50

This new version brings updates to plugin plugin_biff.py.

This plugin can now produce a CSV list of cell values and formulas (option -c) or a JSON file of values and formulas (option -j).

Cell references are in RC format (row-column), but can also be produced in letters-numbers format (LN, option -r LN).

CSV or JSON output can be piped into my ad-hoc decoding programs.


oledump_V0_0_50.zip (https)
MD5: 30EB6A0E0924E72350B268ADDE4E4EC7
SHA256: 870167AE5576B169EB52572788D04F1FFCEC5C8AFDEBCC59FE3B8B01CBDE6CD9

by

April 1st 2020: FlashPix File With VBA Code

Last year, there was some misunderstanding regarding Office Documents with VBA code mistakenly identified as FlashPix picture files.

The FlashPix picture format is an old format, based on the Compound File Binary Format (what I like to call OLE files). It has no support for VBA code at all (it doesn’t support any embedded scripting).

However, since it is an ole file, it’s technically possible to add storages and streams containing VBA code. This code can never execute, because the FlashPix specifications does not support it, and hence there are no image viewers that would recognize and execute this code.

So I took a FlashPix image (3d996a887c4a1b5b5ce70528f6bb4508). Here you can see the streams it contains:

And then I took a malicious AutoCAD drawing, and copied the VBA streams and storages into the FlashPix file:

Giving me this file 5040ef90824371a0bd0acaa36263553b.When I submitted this file to VirusTotal a couple of months ago, the AV detection ratio was 29/59. Which is far better than the other “AV-alert pictures” that I created.

If you are in need of a benign file that will trigger anti-virus, I shared this FlashPix PoC on the new malware sharing service Malware Bazaar.