Category Archives: Tutorial

Ida tips: how to use a custom structure

Applying custom structures make the result of decompilation much more readable. This is how the same fragment of the code looks before and after proper structures being applied: Before: After: In this short post, I will demonstrate how to add … Continue reading

Posted in Tutorial | Tagged | Leave a comment

Python scripting for WinDbg: a quick introduction to PyKd

PyKd is a plugin for WinDbg allowing to deploy Python scripts . It can be very helpful i.e. for tracing and deobfuscation of obfuscated code. In this small tutorial I will demonstrate how to install it and make everything work. … Continue reading

Posted in Tools, Tutorial | 6 Comments

Flare-On 7 – Task 9

This year’s FlareOn was very interesting. I managed to finish it with 87th place. In this small series I will describe my favorite tasks, and how I solved them. I hope to provide some educational value for others, so this … Continue reading

Posted in CrackMe, KernelMode, Tutorial | Tagged , , | 6 Comments

How to compile a PIN tool using Visual Studio 2017

UPDATE: the described problems in compiling the default PIN projects seems to be fixed in the new PIN release: 3.10. PIN (of Intel) is a great platform for dynamic binary instrumentation. I use it on daily for tracing and deobfuscating … Continue reading

Posted in Tutorial | 6 Comments

Unpacking a malware with libPeConv (Pykspa case study)

In one of the recent episodes of “Open Analysis Live!” Sergei demonstrated how to statically unpack the Pykspa Malware using a Python script. If you haven’t seen this video yet, I recommend you to watch, it is available here – … Continue reading

Posted in Malware, Programming, Tutorial | Tagged | Leave a comment

Solving a PyInstaller-compiled crackme

I got this crackme from one of my readers, who asked me for the help in understanding how to solve it. As he wrote in the e-mail, it comes “from last year competition by the CheckPoint company”. I promised to … Continue reading

Posted in CrackMe, Tutorial | Tagged , | 7 Comments

Starting with Windows Kernel Exploitation – part 3 – stealing the Access Token

Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. In the previous parts I shown how to set up the environment. Now we will get familiar with the … Continue reading

Posted in KernelMode, Tutorial, WKE | Tagged , | 11 Comments

Starting with Windows Kernel Exploitation – part 2 – getting familiar with HackSys Extreme Vulnerable Driver

Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. The previous part was about setting up the lab. Now, we will play a bit with HackSysExtremeVulnerableDriver by Ashfaq … Continue reading

Posted in KernelMode, Tutorial, WKE | Tagged , | 8 Comments

Starting with Windows Kernel Exploitation – part 1 – setting up the lab

Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. This part will be about setting up the lab. In further parts I am planning to describe how to … Continue reading

Posted in KernelMode, Tutorial, WKE | Tagged | 12 Comments

Hijacking extensions handlers as a malware persistence method

Recently I gave a presentation titled “Wicked malware persistence methods” (read more here). After releasing the slides I got questions about some of the demonstrated methods – especially about the details of extension handler hijacking – so, I decided to … Continue reading

Posted in Malware, Techniques, Tutorial | 4 Comments