-
Recent Posts
- Solving the Shabak’s Airplane challenge – Task 3
- Solving the Shabak’s Airplane challenge – Tasks 1 and 2
- Starting with Windows Kernel Exploitation – part 3 – stealing the Access Token
- Starting with Windows Kernel Exploitation – part 2 – getting familiar with HackSys Extreme Vulnerable Driver
- Starting with Windows Kernel Exploitation – part 1 – setting up the lab
Archives
- June 2017 (4)
- May 2017 (2)
- December 2016 (1)
- November 2016 (1)
- July 2016 (3)
- June 2016 (1)
- April 2016 (1)
- March 2016 (2)
- February 2016 (1)
- October 2014 (1)
- March 2014 (1)
- February 2014 (2)
- January 2014 (1)
- November 2013 (1)
- October 2013 (1)
- September 2013 (1)
- August 2013 (1)
- July 2013 (3)
- July 2012 (1)
- May 2012 (1)
- April 2012 (1)
Categories
- CONfidence (3)
- CrackMe (7)
- Malware (11)
- Malware Decryptor (5)
- PE-bear (10)
- Tools (6)
- Tutorial (8)
- Uncategorized (1)
- WKE (3)
Blog Stats
- 134,414 hits
All my works included here are licensed under:
Category Archives: Tutorial
Starting with Windows Kernel Exploitation – part 3 – stealing the Access Token
Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. In the previous parts I shown how to set up the environment. Now we will get familiar with the … Continue reading
Starting with Windows Kernel Exploitation – part 2 – getting familiar with HackSys Extreme Vulnerable Driver
Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. The previous part was about setting up the lab. Now, we will play a bit with HackSysExtremeVulnerableDriver by Ashfaq … Continue reading
Starting with Windows Kernel Exploitation – part 1 – setting up the lab
Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. This part will be about setting up the lab. In further parts I am planning to describe how to … Continue reading
Hijacking extensions handlers as a malware persistence method
Recently I gave a presentation titled “Wicked malware persistence methods” (read more here). After releasing the slides I got questions about some of the demonstrated methods – especially about the details of extension handler hijacking – so, I decided to … Continue reading
Posted in Malware, Tutorial
2 Comments
Introducing PE_unmapper
Recently I wrote a small tool, that can be used as a helper in malware analysis. Various malware types unpack their core modules in memory, load them and run. In order to unpack them fast, we can let the malware … Continue reading
How to turn a DLL into a standalone EXE
During malware analysis we can often encounter payloads in form of DLLs. Analyzing them dynamically may not be very handy, because they need some external loaders to run. Different researchers have different tricks to deal with them. In this post … Continue reading
Posted in Malware, Tutorial
5 Comments
Unpacking NSIS-based Crypter – part 2
After publishing my short tutorial about unpacking NSIS-based crypter I got one more sample from a reader who complained that my method doesn’t work – so I decided to take a look inside. Of course cybercriminals continuously work on improving … Continue reading
Posted in Malware, Tutorial
2 Comments
