A forum for reverse engineering, OS internals and malware analysis 


Direct Memory Access (DMA) Attack Software - Map Processes to Files and Folders - DMA over PCIe (No Drivers Needed on Target System) Github Sources Project Wiki Pages Youtube Channel with Example Videos Capabilities: Retrieve memory from the target system at >150MB/s. Write data to the target syste...

Reverse engineering of Mikrotik exploit from Vault 7 CIA Leaks

 by TechLord ¦  Wed Mar 14, 2018 10:39 am ¦  Forum: Malware ¦  Topic: Reverse engineering of Mikrotik exploit from Vault 7 CIA Leaks ¦  Replies: 0 ¦  Views: 3226

Reverse engineering of Mikrotik exploit from Vault 7 CIA Leaks

Working PoC (Full Sources) and Chimay Red Persistence Exploit - PDF Article

OceanLotus : Old Techniques, New Backdoor

 by TechLord ¦  Wed Mar 14, 2018 10:36 am ¦  Forum: Malware ¦  Topic: OceanLotus : Old Techniques, New Backdoor ¦  Replies: 0 ¦  Views: 2751

Full PDF Article here. Excerpt from the Intro: The OceanLotus group, also known as APT32 and APT-C-00, is infamous for its campaigns targeting the eastern part of Asia. A great deal of research about this group was published last year, including papers such as those from CyberReason, a lengthy gl...

Unpacking Gootkit Malware With IDA Pro and X64dbg [OA Labs]

 by TechLord ¦  Mon Mar 05, 2018 12:55 pm ¦  Forum: Malware ¦  Topic: Unpacking Gootkit Malware With IDA Pro and X64dbg [OA Labs] ¦  Replies: 0 ¦  Views: 3550

A YouTube video demonstration by OA Labs: Unpacking Gootkit Malware With IDA Pro and X64dbg Details: Open Analysis Live! They use IDA Pro and x64dbg to unpack a recently packed Gootkit malware (stage1). Video bookmarks to skip ahead: - Deobfuscating strings with IDA Python 5:15 - Identify anti-a...

Ramnit Banker Sample Request

 by TechLord ¦  Sat Mar 03, 2018 3:51 pm ¦  Forum: Completed Malware Requests ¦  Topic: Ramnit Banker Sample Request ¦  Replies: 1 ¦  Views: 2354

Looking for this sample please:

Name: 20170117_bilo157_RAMNIT_BANKER.exe
MD5: 6ee3d4e6b9cec67165e90f7ee7c9c33b
SHA256: 39c5003a4632b26bb461f07a4a253982774ece0d2afd308e8e6fdb033b5cf6a4

Link Reference: VirusTotal

Thank you

Operation Honeybee - Malicious Doc Targeting Humanitarian Gr

 by TechLord ¦  Sat Mar 03, 2018 11:08 am ¦  Forum: Malware ¦  Topic: Operation Honeybee - Malicious Doc Targeting Humanitarian Gr ¦  Replies: 1 ¦  Views: 3195

Link to original page: McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Repository containing Indicators of Compromise and Yara rules. Excerpts from the web page: McAfee Advanced Threat Research analysts have discovered a new operation targeting hu...

Stowaway Virut delivered with Chinese DDoS bot

 by TechLord ¦  Fri Mar 02, 2018 7:06 am ¦  Forum: Malware ¦  Topic: Stowaway Virut delivered with Chinese DDoS bot ¦  Replies: 0 ¦  Views: 2635

Blast from the past: stowaway Virut delivered with Chinese DDoS bot. Analysis and write-up by Hasherezade. Intro excerpt from the Malwarebytes analysis page: Recently, we described an unusual Chinese drive-by attack that was delivering a variant of the Avzhan DDoS bot. The attack also contained mu...

VMware Exploitation through Uninitialized Buffers

 by TechLord ¦  Fri Mar 02, 2018 2:46 am ¦  Forum: Reverse Engineering and Debugging ¦  Topic: VMware Exploitation through Uninitialized Buffers ¦  Replies: 0 ¦  Views: 3508

A short extract from the blog: As we approach Pwn2Own 2018, I'm reminded of some of the exploits we saw at last year's contest. Of course, the most interesting bugs we saw involved guest-to-host escalation in VMware. Recently, we presented "l'art de l'évasion: Modern VMware Exploitation techniques...

Avzhan DDoS bot dropped by Chinese drive-by attack

 by TechLord ¦  Fri Feb 23, 2018 10:08 pm ¦  Forum: Malware ¦  Topic: Avzhan DDoS bot dropped by Chinese drive-by attack ¦  Replies: 0 ¦  Views: 2768

The Avzhan DDoS bot has been known since 2010, but recently we saw it in the wild again, being dropped by a Chinese drive-by attack. In this post, they take a deep dive into its functionality and compare the sample captured with the one described in the past. Article Link: https://blog.malwarebytes.co...

Trickbot Sample Request

 by TechLord ¦  Fri Feb 23, 2018 2:50 pm ¦  Forum: Completed Malware Requests ¦  Topic: Trickbot Sample Request ¦  Replies: 1 ¦  Views: 2021

Looking for this sample please:

MD5: ef93a3f412c82c3fc9d9e75a8d428a4d
Type: TrickBot with virus-like activity
Link Reference: https://www.virustotal.com/#/file/cc6da ... ee/details

Thank you