Search found 14 matches

by TSION
Fri Aug 18, 2017 1:01 pm
Forum: Kernel-Mode Development
Topic: WIN64 Driver Development Basic Tutorial
Replies: 19
Views: 36724

Re: WIN64 Driver Development Basic Tutorial

Thanks very much for the share. Also, are there any additional resources about WIN64 development?
by TSION
Mon Oct 17, 2016 12:29 am
Forum: Malware
Topic: Malware Poc (Curious)
Replies: 3
Views: 2845

Re: Malware Poc (Curious)

Hi again, I had a quick look at it. It looks like ransomware from a cyber security challenge (Enisa Cyber Europe 2016?). Powershell script, kemel32.dll (a dll which is dropped to %appdata%) and the payload (ransomware?) in the attachment. If you wanted to know if he made it himself why don't you ...
by TSION
Tue Aug 16, 2016 2:08 pm
Forum: Malware
Topic: List of pseudo-APT campaigns
Replies: 1
Views: 31150

Re: List of pseudo-APT campaigns

EP_XOFF should be very interesting for an amateur reverse engineer and should be an interesting experience.
by TSION
Mon Aug 01, 2016 9:40 pm
Forum: Newbie Questions
Topic: Getting Back
Replies: 3
Views: 5438

Re: Getting Back

Yeah due to me being busy with academics and such.
by TSION
Sun Jul 31, 2016 9:25 pm
Forum: Newbie Questions
Topic: Getting Back
Replies: 3
Views: 5438

Getting Back

Haven't been doing Malware Analysis/Reversing in about 2 months. Any ideas how to get back into the game?
by TSION
Sun Jul 31, 2016 9:18 pm
Forum: Newbie Questions
Topic: Unknown algorithm in forloop
Replies: 3
Views: 5109

Re: Unknown algorithm in forloop

EXC seems to indicate how many loop iterations to execute. It seems not to contain any memory address. I see no write access through EXC (and no write access to EXC itself except the decrement at the end of each loop). I am quite unsure what you'd like to know. To extend on what was previously st...
by TSION
Sun Jul 31, 2016 9:11 pm
Forum: Reverse Engineering and Debugging
Topic: Reversing Android dynamic dexloader
Replies: 1
Views: 9334

Re: Reversing Android dynamic dexloader

DMEW I haven't reversed anything in a while (Windows/Android/Linux) but there is a technique used in this tool called DexHunter which basically unpacks the packed Dex file via exploiting the implementation of the android run-time features. The general way you want to attack this is to unpack the pack...
by TSION
Fri May 20, 2016 1:11 am
Forum: Kernel-Mode Development
Topic: Basics of Windows Kernel Internals
Replies: 0
Views: 7441

Basics of Windows Kernel Internals

Publishing some reference guides on the basics of the Windows Kernel Arch. Link is below:
https://gist.github.com/zophike1/295445 ... 2687761cca
by TSION
Sun Apr 24, 2016 3:58 pm
Forum: Kernel-Mode Development
Topic: Static bypass patchGuard and DSE on win8.1
Replies: 3
Views: 16308

Re: Static bypass patchGuard and DSE on win8.1

Hello, KernelMode.info The following English translation from Google: Thanks fyyre the bootloader v2, I use a method which was destroyed patchGuard, but did not crack the drive load signature (DSE), the success of my own research after cracks, will now talk about the method, it may be obsolete, sinc...
by TSION
Sat Apr 23, 2016 8:45 pm
Forum: General Discussion
Topic: What is the most interesting Malware you have encountered.
Replies: 2
Views: 6855

What is the most interesting Malware you have encountered.

Lately there has been lots of copy-paste malware and uninteresting attack vectors. If you could, can you as a community describe some of the interesting things you've encountered and your ventures with that particular sample?