How to Easily Analyze a Malicious Javascript Attachment

This tutorial is very much like my prior one, has the same JavaScript attachment however in my prior video I did a deep dive on dissecting the JavaScript and in this one I let the browser do the work for me. This makes it quick and easy to determine where any JavaScript is directing you. Do not try this unless you know what you are doing and if you do you accept full responsibility for infecting your system if you do. The safest way to protect you is to use a browser you do not use (empty cookies, history, cache, everything), use it in incognito mode and DISCONNECT your internet connection.



Malicious Email Attachment – Javascript Obfuscation (How to Decode)

This video is a demonstration on how to “decode” malicious email attachments that contain obfuscated javascript, or javascript that contains malicious code that is not in an easily readable human format. The purpose of this demonstration is to show you my methodology for decoding the contents of the malicious attachment and help understand what the threat or risk is. This is very useful to do to know what URLs to block or understand what damage has likely been done in the event someone who has received this email has become compromised.


How to hide a Truecrypt volume within an image – Ubuntu

This video shows how to add a Truecrypt volume to an image (join the two files) so that it still looks like an image to the untrained eye. I then post it on the internet, download it and run a script (included below) to access the Truecrypt volume.

The work has been completed for you, the password is included below as well as the mounttc script I wrote and the address to access the file. This should be everything you need to access the file within the Truecrypt container attached to the image. Once you have access to the file follow the instructions and let me know you have completed the challenge.

Password for the Truecrypt container:

Location where you can download the image that contains the truecrypt container:…

This is MY sample mounttc file (just to make it easy), it will need to be adjusted to fit your system and file directories specific to your setup. You can consider this a working example that you can modify to create your own instance.

split -b393487 image.jpg
sudo truecrypt -t -k xaa –protect-hidden=no xab /media/truecrypt1
wipe -f xaa
wipe -f xab

I DO NOT ADVOCATE PUTTING SENSITIVE FILES ON THE INTERNET IN THIS FASHION. If you do store your password in a plain text file on something like, google drive, etc for backing it up then this method is MUCH better and safer. There are NEVER any guarantees that encryption cannot be broken and sensitive data accessed. This is for learning purposes and if you choose to use this method you do so at your own risk.


Test Your Password Strength Against John the Ripper

This is a demonstration video on how to test the strength of your passwords on an Ubuntu system against the John the Ripper password cracker. It is important to know how fast these tools can actually work to crack passwords and how to protect yourself against them finding your password. In my example password, password1 and elephant were all found in under 20 seconds and I don’t have a fast machine. Btw… these were test accounts I removed immediately after making the video 🙂


Truecrypt Tutorial – Ubuntu 11.04

This is a tutorial on how to install and use truecrypt on an Ubuntu 64 bit 11.04 system. The method should work for most distributions of Linux. I will show the simple installation process, how to create a truecrypt container and protect is using a password and keyfile. I also demonstrate how changing the keyfile will make the truecrypt container inaccessible.

I hope you find this tutorial useful.

How to determine where an email was sent from (tutorial)

This video explains how to trace an email back to where it originated (or was sent from). This does not mean that the location the email came from is where the person who sent it is, but it does help to determine in most cases where an email was sent from. Information which you can use to determine the legitimacy of any email, spam or otherwise.


Google Authenticator for SSH access on Ubuntu 11.04 – OTP

This video describes at a high level what it takes to configure Ubuntu 11.04 ssh access to require a verification code from Google Authenticator. Here are some useful links:

WebbyNotes Guide:…

Guide by Jean-Francois Theroux (Installation / Configuration):…

Download the Ubuntu Google Authenticator package for Ubuntu:…

Background can be found here:…