-
Recent Posts
Archives
- April 2018 (1)
- February 2018 (1)
- January 2018 (2)
- December 2017 (2)
- November 2017 (1)
- June 2017 (4)
- May 2017 (2)
- December 2016 (1)
- November 2016 (1)
- July 2016 (3)
- June 2016 (1)
- April 2016 (1)
- March 2016 (2)
- February 2016 (1)
- October 2014 (1)
- March 2014 (1)
- February 2014 (2)
- January 2014 (1)
- November 2013 (1)
- October 2013 (1)
- September 2013 (1)
- August 2013 (1)
- July 2013 (3)
- July 2012 (1)
- May 2012 (1)
- April 2012 (1)
Categories
- CONfidence (3)
- CrackMe (11)
- KernelMode (3)
- Malware (13)
- Malware Decryptor (5)
- PE-bear (11)
- Programming (4)
- Techniques (4)
- Tools (7)
- Tutorial (10)
- WKE (3)
Blog Stats
- 189,557 hits
All my works included here are licensed under:
Category Archives: Tutorial
Unpacking a malware with libPeConv (Pykspa case study)
In one of the recent episodes of “Open Analysis Live!” Sergei demonstrated how to statically unpack the Pykspa Malware using a Python script. If you haven’t seen this video yet, I recommend you to watch, it is available here – … Continue reading
Starting with Windows Kernel Exploitation – part 3 – stealing the Access Token
Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. In the previous parts I shown how to set up the environment. Now we will get familiar with the … Continue reading
Starting with Windows Kernel Exploitation – part 2 – getting familiar with HackSys Extreme Vulnerable Driver
Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. The previous part was about setting up the lab. Now, we will play a bit with HackSysExtremeVulnerableDriver by Ashfaq … Continue reading
Starting with Windows Kernel Exploitation – part 1 – setting up the lab
Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. This part will be about setting up the lab. In further parts I am planning to describe how to … Continue reading
Hijacking extensions handlers as a malware persistence method
Recently I gave a presentation titled “Wicked malware persistence methods” (read more here). After releasing the slides I got questions about some of the demonstrated methods – especially about the details of extension handler hijacking – so, I decided to … Continue reading
Posted in Malware, Techniques, Tutorial
2 Comments
Introducing PE_unmapper
Recently I wrote a small tool, that can be used as a helper in malware analysis. Various malware types unpack their core modules in memory, load them and run. In order to unpack them fast, we can let the malware … Continue reading
