Search found 268 matches

by kmd
Thu Dec 06, 2018 4:12 am
Forum: Completed Malware Requests
Topic: Looking for presumably NATO supplied APT
Replies: 1
Views: 145

Looking for presumably NATO supplied APT

only MD5:

92b1c50c3ddf8289e85cbb7f8eead077
1cbc626abbe10a4fae6abf0f405c35e2
2abb76d71fb1b43173589f56e461011b

Thanks!
by kmd
Mon Oct 03, 2016 9:27 am
Forum: Tools/Software
Topic: DSEFix - Defeating x64 Driver Signature Enforcement
Replies: 39
Views: 172855

Re: DSEFix - Defeating x64 Driver Signature Enforcement

Hello, are you going to use capcom.sys for a similar loader?
by kmd
Sun Jun 19, 2016 12:26 pm
Forum: Malware
Topic: Taggant vs malware
Replies: 1
Views: 3618

Taggant vs malware

Hey,
http://standards.ieee.org/develop/indco ... aggant.pdf Is it worth anything vs. malware? Opinions?
by kmd
Thu Feb 11, 2016 5:55 am
Forum: Tools/Software
Topic: VBoxAntiVMDetectHardened mitigation X64 only
Replies: 249
Views: 1684199

Re: VBoxAntiVMDetectHardened mitigation X64 only (27/01/16)

Is there any patch for 5.0.14 available? Thanks!
by kmd
Wed Jan 20, 2016 9:55 am
Forum: Malware
Topic: ZeroAccess (alias MaxPlus, Sirefef)
Replies: 557
Views: 524910

Re: ZeroAccess (alias MaxPlus, Sirefef)

Hi, why is the number of bots online so small?
by kmd
Fri Jun 19, 2015 2:32 pm
Forum: Tools/Software
Topic: UACMe - Defeating Windows User Account Control
Replies: 136
Views: 393771

Re: UACMe - Defeating Windows User Account Control

In addition, 10147 broke the ISecurityEditor->SetSecurity method. It now returns E_INVALID_ARG. It could be a method parameter change or internal reworking. This means the methods related to Simda are dead. Dead for a while (if it is possible to recover the new definition of the interface) or completely (if this change ...
by kmd
Tue Mar 31, 2015 3:05 pm
Forum: Tools/Software
Topic: UACMe - Defeating Windows User Account Control
Replies: 136
Views: 393771

Re: UACMe - Defeating Windows User Account Control

Have you figured out why the Gootkit method doesn't work on Win10?
by kmd
Wed Jan 28, 2015 5:29 pm
Forum: Malware
Topic: Necurs - another x64 rootkit
Replies: 70
Views: 92164

Re: Necurs - another x64 rootkit

Me again 8-) I'm planning to test this rootkit on x64 Windows; should I take the latest Win version or try on something like Windows 7?
by kmd
Wed Jan 28, 2015 5:27 pm
Forum: Reverse Engineering and Debugging
Topic: warthunder and windbg
Replies: 2
Views: 6772

Re: warthunder and windbg

Yeah, they have this check in all EXEs, maybe some sort of shared framework; anyway, a simple patch of NtQuerySystemInformation did the job.
by kmd
Mon Jan 19, 2015 5:45 pm
Forum: Reverse Engineering and Debugging
Topic: warthunder and windbg
Replies: 2
Views: 6772

warthunder and windbg

Hi guys, don't think it's advertising :D I tried warthunder (a WoT clone) and surprisingly it won't start if windbg is running. Neither the launcher nor the game itself. It started after I disabled debug mode. Only after this. The question: how does it detect it, and how to bypass this, because I really don't want to do ...