/Malware-analysis-and-Reverse-engineering

Some of my publicly available Malware analysis and Reverse engineering.

Primary LanguagePython

Malware-analysis-and-Reverse-engineering

Some of my publicly available Malware analysis and Reverse engineering. (Reports, tips, tricks...)

[Reverse engineering KPOT v2.0 Stealer]

[Debugging MBR - IDA + Bochs Emulator (CTF example)]

[TLS decryption in Wireshark]

[Ryuk Ransomware - API Resolving and Imports reconstruction]

[Formbook Reversing]

[Reversing encoded shellcode]

[WINDBG Kernel&User Mode Debugging (EPROCESS, ETHREAD, TEB, PEB...)]

[Cutter 2.0 - Introduction of new features (Reverse Debugging...)]

[Tracing C function fopen]

Tracing C function fopen [Part1] - IDA Free User-Mode Walk-Through tracing to NTApi
Tracing C function fopen [Part2] - Windbg Kernel Debugging - Walk-Through User-Mode to Kernel Executive Subsytem

[Visible vs Hidden vs VeryHidden Sheet - Excel Binary File Format (.xls)]

[Exploiting CVE-2019-0708 (BlueKeep) using Metasploit (Manual settings GROOMBASE + GROOMSIZE)]

[Abusing External Resource References MSOffice]

Abusing External Resource References MSOffice [part1] - TEMPLATE_INJECTION
Abusing External Resource References MSOffice [part2] - OLEOBJECT_INJECTION

[Real-Time Solving CyberDefenders "DumpMe" MemoryForensics Challenge in 1 hour]

[Volatility3 Output Formatting Trick in PS]

[Advanced Memory Forensics (Windows) - Threat_Hunting and Initial Malware_Analysis]

[LokiBot Analyzing]

[1] Lokibot analyzing - defeating GuLoader with Windbg (Kernel debugging) and Live C2
[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part1] - Own implementation in Python
[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part2] - Inetsim + BurpSuite
[3] Lokibot analyzing - Reversing, API Hashing, decoding

[Fast API resolving of REvil Ransomware related to Kaseya attack]

[Dancing with COM - Deep dive into understanding Component Object Model]

What is COM and its Functionality, COM in Registry (Tools - COM viewers), COM Client-Server (Using Powershell/.NET COM Client), Reversing COM instances and methods in IDA (Structures, Types, ComIDA plugin), Interesting way of using COM Method in LokiBot malware sample

[HiveNightmare - Bug in ACLs of Registry Hives]

[Finding Vulnerability in PE parsing tool - NEVER trust tool you didn´t write by your own]