Author Archives: hasherezade

About hasherezade

Programmer and researcher, interested in InfoSec.

Process Doppelgänging – a new way to impersonate a process

Recently at Black Hat Europe conference, Tal Liberman and Eugene Kogan form enSilo lab presented a new technique called Process Doppelgänging. The video from the talk is available here. (Also, it is worth mentioning that Tal Liberman is an author … Continue reading

Posted in Malware, Programming, Techniques | Tagged , | 7 Comments

Hook the planet! Solving FlareOn4 Challenge6 with libPeConv

Recently I started making a small library for loading and manipulating PE files (libpeconv – it’s open source, available on my GitHub). In my previous post, I demonstrated how the Challenge 3 from FlareOn4 could be solved with it’s help: … Continue reading

Posted in CrackMe, Programming, Tools | Tagged , , , | Leave a comment

Import all the things! Solving FlareOn4 Challenge 3 with libPeConv

Recently I started making a small library for loading and converting PE files (libpeconv, available on my GitHub). The library is still on early stages of development, so please don’t judge and don’t use it in any serious projects. The … Continue reading

Posted in CrackMe, Programming, Tools | Tagged , , , | 2 Comments

Solving the Shabak’s Airplane challenge – Task 3

Some time ago I solved the Airplane challenge published by Israeli Shin-Bet (Shabak). The crackme has three levels of increasing difficulty. Each one is a 32 bit Windows application. It was a very pleasant task, not difficult but also not … Continue reading

Posted in CrackMe | Tagged | 1 Comment

Solving the Shabak’s Airplane challenge – Tasks 1 and 2

Some time ago I solved the Airplane challenge published by Israeli Shin-Bet (Shabak). The crackme has three levels of increasing difficulty. Each one is a 32 bit Windows application. It was a very pleasant task, not difficult but also not … Continue reading

Posted in CrackMe | Tagged | 1 Comment

Starting with Windows Kernel Exploitation – part 3 – stealing the Access Token

Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. In the previous parts I shown how to set up the environment. Now we will get familiar with the … Continue reading

Posted in KernelMode, Tutorial, WKE | Tagged , | 11 Comments

Starting with Windows Kernel Exploitation – part 2 – getting familiar with HackSys Extreme Vulnerable Driver

Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. The previous part was about setting up the lab. Now, we will play a bit with HackSysExtremeVulnerableDriver by Ashfaq … Continue reading

Posted in KernelMode, Tutorial, WKE | Tagged , | 8 Comments

Starting with Windows Kernel Exploitation – part 1 – setting up the lab

Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. This part will be about setting up the lab. In further parts I am planning to describe how to … Continue reading

Posted in KernelMode, Tutorial, WKE | Tagged | 12 Comments

Hijacking extensions handlers as a malware persistence method

Recently I gave a presentation titled “Wicked malware persistence methods” (read more here). After releasing the slides I got questions about some of the demonstrated methods – especially about the details of extension handler hijacking – so, I decided to … Continue reading

Posted in Malware, Techniques, Tutorial | 4 Comments

Introducing PE_unmapper

Recently I wrote a small tool, that can be used as a helper in malware analysis. Various malware types unpack their core modules in memory, load them and run. In order to unpack them fast, we can let the malware … Continue reading

Posted in Malware, Tools, Tutorial | Tagged , | 1 Comment