A forum for reverse engineering, OS internals and malware analysis 

Re: WIN64 Driver Development Basic Tutorial

 by TSION ¦  Fri Aug 18, 2017 1:01 pm ¦  Forum: Kernel-Mode Development ¦  Topic: WIN64 Driver Development Basic Tutorial ¦  Replies: 19 ¦  Views: 43282

Thanks very much for the share. Also, are there any additional resources about WIN64 development?

Re: Malware Poc (Curious)

 by TSION ¦  Mon Oct 17, 2016 12:29 am ¦  Forum: Malware ¦  Topic: Malware Poc (Curious) ¦  Replies: 3 ¦  Views: 4025

Hi again, I had a quick look at it. It looks like ransomware from a cyber security challenge (ENISA Cyber Europe 2016?): a PowerShell script, kemel32.dll (a DLL which is dropped to %appdata%) and the payload (ransomware?) in the attachment. If you wanted to know if he made it himself, why don't you ...

Re: List of pseudo-APT campaigns

 by TSION ¦  Tue Aug 16, 2016 2:08 pm ¦  Forum: Malware ¦  Topic: List of pseudo-APT campaigns ¦  Replies: 2 ¦  Views: 35720

EP_XOFF, that should be very interesting for an amateur reverse engineer and should be an interesting experience.

Re: Getting Back

 by TSION ¦  Mon Aug 01, 2016 9:40 pm ¦  Forum: Newbie Questions ¦  Topic: Getting Back ¦  Replies: 3 ¦  Views: 6612

Yeah due to me being busy with academics and such.

Getting Back

 by TSION ¦  Sun Jul 31, 2016 9:25 pm ¦  Forum: Newbie Questions ¦  Topic: Getting Back ¦  Replies: 3 ¦  Views: 6612

Haven't been doing malware analysis/reversing in about 2 months. Any ideas how to get back into the game?

Re: Unknown algorithm in forloop

 by TSION ¦  Sun Jul 31, 2016 9:18 pm ¦  Forum: Newbie Questions ¦  Topic: Unknown algorithm in forloop ¦  Replies: 3 ¦  Views: 6375

EXC seems to indicate how many loop iterations to execute. It seems not to contain any memory address. I see no write access through EXC (and no write access to EXC itself except the decrement at the end of each loop). I am quite unsure what you'd like to know. To extend on what was previously st...

Re: Reversing Android dynamic dexloader

 by TSION ¦  Sun Jul 31, 2016 9:11 pm ¦  Forum: Reverse Engineering and Debugging ¦  Topic: Reversing Android dynamic dexloader ¦  Replies: 1 ¦  Views: 10458

DMEW, I haven't reversed anything in a while (Windows/Android/Linux), but there is a technique used in a tool called DexHunter which basically unpacks the packed DEX file by exploiting the implementation of the Android runtime features. The general way you want to attack this is to unpack the pack...

Basics of Windows Kernel Internals

 by TSION ¦  Fri May 20, 2016 1:11 am ¦  Forum: Kernel-Mode Development ¦  Topic: Basics of Windows Kernel Internals ¦  Replies: 0 ¦  Views: 7848

Publishing some reference guides on the basics of the Windows kernel architecture. The link is below:
https://gist.github.com/zophike1/295445 ... 2687761cca

Re: Static bypass patchGuard and DSE on win8.1

 by TSION ¦  Sun Apr 24, 2016 3:58 pm ¦  Forum: Kernel-Mode Development ¦  Topic: Static bypass patchGuard and DSE on win8.1 ¦  Replies: 3 ¦  Views: 18124

Hello, KernelMode.info. The following is an English translation from Google: Thanks to fyyre for the bootloader v2. I used a method which destroyed PatchGuard but did not crack the driver load signature check (DSE); after my own research I succeeded in cracking it, and will now talk about the method. It may be obsolete, sinc...

What is the most interesting Malware you have encountered.

 by TSION ¦  Sat Apr 23, 2016 8:45 pm ¦  Forum: General Discussion ¦  Topic: What is the most interesting Malware you have encountered. ¦  Replies: 2 ¦  Views: 7832

Lately there has been lots of copy-paste malware and uninteresting attack vectors. If you could, can you as a community describe some of the interesting things you've encountered and your ventures with that particular sample?