About Tom Wilson

Tom is a senior Research & Developer at Nettitude.

Apache mod_python for red teams

Nettitude’s red team engagements are typically designed to be as highly targeted and as stealthy as possible. For the command and control (C2) infrastructure, this means layering several techniques. We hide all of [...]

By |2018-05-31T13:00:41+00:00May 31, 2018|

WinDbg: using pykd to dump private symbols

We’ve recently been conducting some reverse engineering and vulnerability analysis on an Anti Virus (AV) product and wanted to attach Rohitab API Monitor to one of the AV’s running processes so that I [...]

By |2018-04-11T16:35:42+00:00April 11, 2018|

HMRC Phishing Scam

In the last few days, Nettitude’s threat intelligence platform has picked up a mass phishing campaign – involving the distribution over nearly two million individual emails – targeting HMRC customers. The attackers attempt [...]

By |2016-01-29T14:13:44+00:00January 29, 2016|

Pony malware two years later

Overview Two years after first gaining notoriety, the Pony Botnet remains very active. The malware is primarily targeted at the theft of user credentials from applications such as web browsers and email applications, [...]

By |2015-10-22T09:44:19+00:00October 22, 2015|

Windows Inline Function Hooking

Hooking can be used by legitimate software for reverse engineering, for example, to examine the user mode function calls that a malicious program is making. It can also be used by a malicious [...]

By |2015-03-18T10:27:47+00:00March 18, 2015|

DLL Injection: Part Two

In a previous blog post I gave a high level overview of DLL injection, what it is used for and how it might be achieved. More than one method exists to get our [...]

By |2015-03-04T11:02:14+00:00March 4, 2015|
Load More Posts
Go to Top