Category Archives: Tutorial

How to compile a PIN tool using Visual Studio 2017

Posted on July 16, 2018 by hasherezade

PIN (of Intel) is a great platform for dynamic binary instrumentation. I use it on daily for tracing and deobfuscating malware, and I often recommend it to others. Unfortunately, figuring out how to set it up is not so straight-forward. … Continue reading →

Posted in Tutorial | 2 Comments

Unpacking a malware with libPeConv (Pykspa case study)

Posted on January 29, 2018 by hasherezade

In one of the recent episodes of “Open Analysis Live!” Sergei demonstrated how to statically unpack the Pykspa Malware using a Python script. If you haven’t seen this video yet, I recommend you to watch, it is available here – … Continue reading →

Posted in Malware, Programming, Tutorial | Tagged libpeconv | Leave a comment

Solving a PyInstaller-compiled crackme

Posted on January 26, 2018 by hasherezade

I got this crackme from one of my readers, who asked me for the help in understanding how to solve it. As he wrote in the e-mail, it comes “from last year competition by the CheckPoint company”. I promised to … Continue reading →

Posted in CrackMe, Tutorial | Tagged PyInstaller, Python | Leave a comment

Starting with Windows Kernel Exploitation – part 3 – stealing the Access Token

Posted on June 22, 2017 by hasherezade

Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. In the previous parts I shown how to set up the environment. Now we will get familiar with the … Continue reading →

Posted in KernelMode, Tutorial, WKE | Tagged Kernel, WKE | 8 Comments

Starting with Windows Kernel Exploitation – part 2 – getting familiar with HackSys Extreme Vulnerable Driver

Posted on June 5, 2017 by hasherezade

Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. The previous part was about setting up the lab. Now, we will play a bit with HackSysExtremeVulnerableDriver by Ashfaq … Continue reading →

Posted in KernelMode, Tutorial, WKE | Tagged Kernel, WKE | 7 Comments

Starting with Windows Kernel Exploitation – part 1 – setting up the lab

Posted on May 28, 2017 by hasherezade

Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. This part will be about setting up the lab. In further parts I am planning to describe how to … Continue reading →

Posted in KernelMode, Tutorial, WKE | Tagged Kernel | 9 Comments

Hijacking extensions handlers as a malware persistence method

Posted on May 25, 2017 by hasherezade

Recently I gave a presentation titled “Wicked malware persistence methods” (read more here). After releasing the slides I got questions about some of the demonstrated methods – especially about the details of extension handler hijacking – so, I decided to … Continue reading →

Posted in Malware, Techniques, Tutorial | 2 Comments

Category Archives: Tutorial

How to compile a PIN tool using Visual Studio 2017

Unpacking a malware with libPeConv (Pykspa case study)

Solving a PyInstaller-compiled crackme

Starting with Windows Kernel Exploitation – part 3 – stealing the Access Token

Starting with Windows Kernel Exploitation – part 2 – getting familiar with HackSys Extreme Vulnerable Driver

Starting with Windows Kernel Exploitation – part 1 – setting up the lab

Hijacking extensions handlers as a malware persistence method

Recent Posts

Archives

Categories

Blog Stats

All my works included here are licensed under: