A forum for reverse engineering, OS internals and malware analysis 


Syscall-Monitor

 by p4r4n0id ¦  Thu Mar 23, 2017 3:28 pm ¦  Forum: Tools/Software ¦  Topic: Syscall-Monitor ¦  Replies: 2 ¦  Views: 12070

Hi,

Syscall Monitor is a system monitor program (like Sysinternals' Process Monitor) using Intel VT-x/EPT for Windows 7+

https://github.com/hzqst/Syscall-Monitor

p4r4n0id

Re: Cybellum - another pseudo security company from Israel

 by p4r4n0id ¦  Thu Mar 23, 2017 7:15 am ¦  Forum: General Discussion ¦  Topic: Cybellum - another pseudo security company from Israel ¦  Replies: 9 ¦  Views: 22400

So "Undocumented" that even Microsoft published about it https://blogs.msdn.microsoft.com/reiley ... -verifier/

:shock:

gargoyle, a memory scanning evasion technique

 by p4r4n0id ¦  Sun Mar 05, 2017 9:37 am ¦  Forum: Tools/Software ¦  Topic: gargoyle, a memory scanning evasion technique ¦  Replies: 0 ¦  Views: 10413

Hi,

Found it very interesting and well written, enjoy:

https://jlospinoso.github.io/security/a ... asion.html

p4r4n0id

Re: Ransomware identified as Trojan.Win32.Inject.acepl

 by p4r4n0id ¦  Tue Nov 29, 2016 11:44 am ¦  Forum: Malware ¦  Topic: Ransomware identified as Trojan.Win32.Inject.acepl ¦  Replies: 2 ¦  Views: 12619

ASN1 sample, classic process hollowing technique.

Cosa Nostra

 by p4r4n0id ¦  Mon Nov 28, 2016 7:04 pm ¦  Forum: Tools/Software ¦  Topic: Cosa Nostra ¦  Replies: 1 ¦  Views: 9145

Cosa Nostra, a FOSS graph based malware clusterization toolkit.

https://github.com/joxeankoret/cosa-nostra

Re: How do i analyze buffer Overflow ?

 by p4r4n0id ¦  Thu Nov 24, 2016 1:13 pm ¦  Forum: Reverse Engineering and Debugging ¦  Topic: How do i analyze buffer Overflow ? ¦  Replies: 2 ¦  Views: 23462

Re: Links to Virtual Machines

 by p4r4n0id ¦  Sat Nov 19, 2016 5:59 pm ¦  Forum: Tools/Software ¦  Topic: Links to Virtual Machines ¦  Replies: 25 ¦  Views: 78055

Re: Request: Stampedo Ransomware

 by p4r4n0id ¦  Mon Jul 25, 2016 8:31 pm ¦  Forum: Completed Malware Requests ¦  Topic: Request: Stampedo Ransomware ¦  Replies: 3 ¦  Views: 5274

scvhost.exe - LOL :)

Re: Powershell post-exploitation framework ~ Empire

 by p4r4n0id ¦  Thu Mar 17, 2016 11:34 pm ¦  Forum: Tools/Software ¦  Topic: Powershell post-exploitation framework ~ Empire ¦  Replies: 2 ¦  Views: 10096

What do you mean by "without the need of powershell.exe"? The PS process is executed by the installer and also by all agents.....

ransomwaretracker abuse.ch

 by p4r4n0id ¦  Sun Mar 06, 2016 7:44 pm ¦  Forum: Malware ¦  Topic: ransomwaretracker abuse.ch ¦  Replies: 1 ¦  Views: 3182

https://ransomwaretracker.abuse.ch/

"List of malware sources" is a better location, but the page is locked.

p4r4n0id
