-
Recent Posts
Archives
- November 2022 (1)
- October 2022 (2)
- February 2022 (1)
- January 2022 (1)
- October 2021 (3)
- January 2021 (1)
- December 2020 (1)
- September 2019 (1)
- June 2019 (1)
- January 2019 (1)
- July 2018 (1)
- April 2018 (1)
- February 2018 (1)
- January 2018 (2)
- December 2017 (2)
- November 2017 (1)
- June 2017 (4)
- May 2017 (2)
- December 2016 (1)
- November 2016 (1)
- July 2016 (3)
- June 2016 (1)
- April 2016 (1)
- March 2016 (2)
- February 2016 (1)
- October 2014 (1)
- March 2014 (1)
- February 2014 (2)
- January 2014 (1)
- November 2013 (1)
- October 2013 (1)
- September 2013 (1)
- August 2013 (1)
- July 2013 (3)
- July 2012 (1)
- May 2012 (1)
- April 2012 (1)
Categories
- CONfidence (3)
- CrackMe (18)
- KernelMode (4)
- Malware (13)
- Malware Decryptor (5)
- PE-bear (12)
- Programming (5)
- Techniques (4)
- Tools (9)
- Tutorial (14)
- Uncategorized (3)
- WKE (3)
Blog Stats
- 911,613 hits
All my works included here are licensed under:
Category Archives: Tutorial
Ida tips: how to use a custom structure
Applying custom structures make the result of decompilation much more readable. This is how the same fragment of the code looks before and after proper structures being applied: Before: After: In this short post, I will demonstrate how to add … Continue reading
Python scripting for WinDbg: a quick introduction to PyKd
PyKd is a plugin for WinDbg allowing to deploy Python scripts . It can be very helpful i.e. for tracing and deobfuscation of obfuscated code. In this small tutorial I will demonstrate how to install it and make everything work. … Continue reading
Posted in Tools, Tutorial
6 Comments
Flare-On 7 – Task 9
This year’s FlareOn was very interesting. I managed to finish it with 87th place. In this small series I will describe my favorite tasks, and how I solved them. I hope to provide some educational value for others, so this … Continue reading
How to compile a PIN tool using Visual Studio 2017
UPDATE: the described problems in compiling the default PIN projects seems to be fixed in the new PIN release: 3.10. PIN (of Intel) is a great platform for dynamic binary instrumentation. I use it on daily for tracing and deobfuscating … Continue reading
Posted in Tutorial
6 Comments
Unpacking a malware with libPeConv (Pykspa case study)
In one of the recent episodes of “Open Analysis Live!” Sergei demonstrated how to statically unpack the Pykspa Malware using a Python script. If you haven’t seen this video yet, I recommend you to watch, it is available here – … Continue reading
Starting with Windows Kernel Exploitation – part 3 – stealing the Access Token
Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. In the previous parts I shown how to set up the environment. Now we will get familiar with the … Continue reading
Starting with Windows Kernel Exploitation – part 2 – getting familiar with HackSys Extreme Vulnerable Driver
Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. The previous part was about setting up the lab. Now, we will play a bit with HackSysExtremeVulnerableDriver by Ashfaq … Continue reading
Starting with Windows Kernel Exploitation – part 1 – setting up the lab
Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. This part will be about setting up the lab. In further parts I am planning to describe how to … Continue reading
Hijacking extensions handlers as a malware persistence method
Recently I gave a presentation titled “Wicked malware persistence methods” (read more here). After releasing the slides I got questions about some of the demonstrated methods – especially about the details of extension handler hijacking – so, I decided to … Continue reading
Posted in Malware, Techniques, Tutorial
4 Comments