...Continued from Part 1.
I was able to extract the shellcode from the attacks in June and July. I opened the x86 code in IDA Pro and was baffled; I knew it would take time and research to figure out what the attacker was trying to accomplish, though I could easily see that part of the code was trying to bootstrap a malicious binary. Since then I've read a paper titled "Understanding Windows Shellcode" (by skape), which explained what our friend Pat Casey was doing, almost line by line.