Category Archives: Programming

Application shimming vs Import Table recovery

In this post I am sharing a case that I investigated recently, during the tests of my application, PE-sieve. It demonstrates how the shims applied by the operating system can disrupt Imports recovery. Continue reading

Posted in Programming, Uncategorized | Tagged , , , , , , | Leave a comment

Unpacking a malware with libPeConv (Pykspa case study)

In one of the recent episodes of “Open Analysis Live!” Sergei demonstrated how to statically unpack the Pykspa Malware using a Python script. If you haven’t seen this video yet, I recommend you to watch, it is available here – … Continue reading

Posted in Malware, Programming, Tutorial | Tagged | Leave a comment

Process Doppelgänging – a new way to impersonate a process

Recently at Black Hat Europe conference, Tal Liberman and Eugene Kogan form enSilo lab presented a new technique called Process Doppelgänging. The video from the talk is available here. (Also, it is worth mentioning that Tal Liberman is an author … Continue reading

Posted in Malware, Programming, Techniques | Tagged , | 4 Comments

Hook the planet! Solving FlareOn4 Challenge6 with libPeConv

Recently I started making a small library for loading and converting PE files (libpeconv – EARLY BETA available on my GitHub). In my previous post, I demonstrated how the Challenge 3 from FlareOn4 could be solved with it’s help: I … Continue reading

Posted in CrackMe, Programming, Tools | Tagged , , , | Leave a comment

Import all the things! Solving FlareOn4 Challenge 3 with libPeConv

Recently I started making a small library for loading and converting PE files (libpeconv, available on my GitHub). The library is still on early stages of development, so please don’t judge and don’t use it in any serious projects. The … Continue reading

Posted in CrackMe, Programming, Tools | Tagged , , , | 2 Comments