Malware Analysis and Deobfuscation With Procmon - Smokeloader Example
https://embee-research.ghost.io/smokeloader-analysis-with-procmon/
Embee Research
Decoding malware loaders using Procmon and Cyberchef. Utilising Powershell to retrieve additional payloads and free online tooling to identify the malware family.
how to brute-force almost any fingerprint-protected Android smartphone
https://arxiv.org/pdf/2305.10791.pdf
novel attack on PyPI using compiled Python code to evade detection
https://www.reversinglabs.com/blog/when-python-bytecode-bites-back-who-checks-the-contents-of-compiled-python-files
ReversingLabs
When byte code bites: Who checks the contents of compiled Python files? | ReversingLabs
ReversingLabs researchers identified a PyPI attack using compiled Python code to evade detection — possibly the first PYC file direct-execution attack.
Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation
https://github.com/can1357/NtRays
GitHub
GitHub - can1357/NtRays: Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.
Unpacking VIDAR using Time-Travel Debugging (TTD) in WinDbg Preview
https://www.youtube.com/watch?v=HcyCZPNO3qI
YouTube
In the last video, we looked for signs of packing in our malicious sample using IDA Pro. What we found was fairly clear evidence of the use of process hollowing, a common technique of code injection used by malware authors. In this video, I'll introduce Time…
How to Setup CAPEV2 Sandbox - Malware Config & Payload Extractor
https://www.youtube.com/watch?v=ZRrk2QRN7Lc
YouTube
Learn how to install and setup CapeV2 Sandbox
Support us on GH: https://guidedhacking.com/register/
Support us on Patreon: https://patreon.com/guidedhacking
Support us on YT: https://www.youtube.com/channel/UCCMi6F5Ac3kQDfffWXQGZDw/join
CAPE is a malware…
triage-collector is a triage collection tool for fast forensics.
https://github.com/herosi/triage-collector
GitHub
GitHub - herosi/triage-collector
Contribute to herosi/triage-collector development by creating an account on GitHub.
VMUnprotect.Dumper can dynamically untamper VMProtected Assembly
https://github.com/void-stack/VMUnprotect.Dumper
GitHub
GitHub - void-stack/VMUnprotect.Dumper: VMUnprotect.Dumper can dynamically untamper VMProtected Assembly.
A suite of utilities and libraries that enables analysis of binary programs. BAP supports x86, x86-64, ARM, MIPS, PowerPC, and new architectures can be added using plugins. BAP includes various analyses, a standard interpreter, a microexecution interpreter, and a symbolic executor.
https://github.com/BinaryAnalysisPlatform/bap?s=09
GitHub
GitHub - BinaryAnalysisPlatform/bap: Binary Analysis Platform
Binary Analysis Platform. Contribute to BinaryAnalysisPlatform/bap development by creating an account on GitHub.
Unofficial YARA IDA Pro plugin, along with an unparalleled crypto/hash/compression rule set based on Luigi Auriemma's signsrch signatures.
https://github.com/kweatherman/yara4ida
A replacement for the outdated Signsearch plugin
GitHub
GitHub - kweatherman/yara4ida: Unofficial YARA IDA Pro plugin, along with an unparalleled crypto/hash/compression rule set based…
An introduction to reverse engineering .NET AOT applications
https://harfanglab.io/en/insidethelab/reverse-engineering-ida-pro-aot-net/