-
Recent Posts
Archives
- November 2022 (1)
- October 2022 (2)
- February 2022 (1)
- January 2022 (1)
- October 2021 (3)
- January 2021 (1)
- December 2020 (1)
- September 2019 (1)
- June 2019 (1)
- January 2019 (1)
- July 2018 (1)
- April 2018 (1)
- February 2018 (1)
- January 2018 (2)
- December 2017 (2)
- November 2017 (1)
- June 2017 (4)
- May 2017 (2)
- December 2016 (1)
- November 2016 (1)
- July 2016 (3)
- June 2016 (1)
- April 2016 (1)
- March 2016 (2)
- February 2016 (1)
- October 2014 (1)
- March 2014 (1)
- February 2014 (2)
- January 2014 (1)
- November 2013 (1)
- October 2013 (1)
- September 2013 (1)
- August 2013 (1)
- July 2013 (3)
- July 2012 (1)
- May 2012 (1)
- April 2012 (1)
Categories
- CONfidence (3)
- CrackMe (18)
- KernelMode (4)
- Malware (13)
- Malware Decryptor (5)
- PE-bear (12)
- Programming (5)
- Techniques (4)
- Tools (9)
- Tutorial (14)
- Uncategorized (3)
- WKE (3)
Blog Stats
- 911,606 hits
All my works included here are licensed under:
Tag Archives: PE
Application shimming vs Import Table recovery
In this post I am sharing a case that I investigated recently, during the tests of my application, PE-sieve. It demonstrates how the shims applied by the operating system can disrupt Imports recovery. Continue reading
Posted in Programming, Uncategorized
Tagged Import, Import Table, Import Table rebuilding, Import Table recovery, PE, PE-sieve, shim
1 Comment
Process Doppelgänging – a new way to impersonate a process
Recently at Black Hat Europe conference, Tal Liberman and Eugene Kogan form enSilo lab presented a new technique called Process Doppelgänging. The video from the talk is available here. (Also, it is worth mentioning that Tal Liberman is an author … Continue reading
Import all the things! Solving FlareOn4 Challenge 3 with libPeConv
Recently I started making a small library for loading and converting PE files (libpeconv, available on my GitHub). The library is still on early stages of development, so please don’t judge and don’t use it in any serious projects. The … Continue reading
Introducing PE_unmapper
Recently I wrote a small tool, that can be used as a helper in malware analysis. Various malware types unpack their core modules in memory, load them and run. In order to unpack them fast, we can let the malware … Continue reading
Introducing PE-bear: a new viewer/editor for PE files
Hi! Today I would like to introduce my new project – PE-bear. In short words – it is a viewer/editor for PE32 and PE64 files. You may ask – why the hell another PE reversing tool? Well, I started developing … Continue reading
Posted in PE-bear, Tools
Tagged malware analysis, PE, PE editor, PE reverser, PE viewer, PE-bear, RCE tools
4 Comments
hasherezade's 1001 nights 