Category: RCE

Limon Sandbox for Analyzing Linux Malwares

A number of devices are running Linux due to its flexibility and open source nature. This has made Linux platform the target for malware...

I’m Cuckoo for Malware (malware analysis tutorial)

Recently in my internship, I was posed with a significant problem. One of the PCs at the company I work for was hit with a new kind of...

Hardening IIS Security

Security is an essential part of a web application and should be taken into consideration from the first stage of the development process....

Cracking 64bit Binaries

Keygenning is a process of finding a valid key for a program. It is used for cracking/piracy. Most of the cracking has been documented on...

Install CuckooBox for Malware and Virus Analysis

CuckooBox is an automatic malware analysis tool written 100% in Python, the architecture is very interesting and it is based on a...

Introduction to Malware Analysis – Free Recorded Webcast

5 Steps to Building a Malware Analysis Toolkit Using Free Tools

Evaluation of Automated Malware Analysis Tools CWSandBox, PeID, and Other Unpacking Tools

Evaluation of Automated Malware Analysis Tools

Evaluation of Automated Malware Analysis System I (Anubis)

Exploration of Botnet Client

Exposing Hidden Control Flow

Self-Overwriting COM Loading for Remote Loading DLL

Stealthy Library Loading II (Using Self-Modifying APC)

Break Max++ Rootkit Hidden Drive Protection

Stealthy Loading of Malicious DLL

Rootkit Configuration

Deferred Procedure Call (DPC) and TCP Connection

Tracing Malicious TDI Network Behaviors of Max++

Tracing Kernel Data Using Data Breakpoints

IRP Handler and Infected Disk Driver

Hijack Disk Driver

Kernel Debugging – Intercepting Driver Loading

Anatomy of Infected Driver

Infecting Driver Files (Part II: Simple Infection)

Infecting Driver Files (Part I: Randomly Select a System Module)

Return Oriented Programming (Return to LIBC) Attack

Injecting Thread into a Running Process

Retrieve Self-Decoding Key

Learning Goals: Understand the PE manifest; practice analyzing function call parameters and the stack. Applicable to: Operating Systems, Assembly...

Tracing DLL Entry Point

Learning Goals: Understand the C calling convention; practice reverse engineering. Applicable to: Operating Systems, Assembly Language. 1....

Debug the Debugger – Fix Module Information and UDD File

Learning Goals: Understand how the debugger saves its debug information; know how to use a binary editor to examine file contents; troubleshooting...