A forum for reverse engineering, OS internals and malware analysis 


Re: ZwImpersonateThread understanding

 by EP_X0FF ¦  Fri Sep 06, 2019 4:27 am ¦  Forum: Kernel-Mode Development ¦  Topic: ZwImpersonateThread understanding ¦  Replies: 3 ¦  Views: 3175

Re: Cymmetria Patchwork "APT"

 by EP_X0FF ¦  Fri Sep 06, 2019 4:25 am ¦  Forum: Malware ¦  Topic: Cymmetria Patchwork "APT" ¦  Replies: 3 ¦  Views: 10437

Final of the story. The fake security company Cymmetria acquired by Stage Fund - a Denver-based aggregator of cheap shit funds. Mission Accomplished.

Re: Force unload kernel driver

 by EP_X0FF ¦  Wed Aug 14, 2019 3:47 am ¦  Forum: Kernel-Mode Development ¦  Topic: Force unload kernel driver ¦  Replies: 1 ¦  Views: 4635

Just do BSOD. Force unloads everything.
The feature you are planning is a BSOD generator by design. There is no way to safely unload a driver if it does not support unloading itself; otherwise just call its driver unload function and pray for no BSOD.

Re: I want to ask someone to check if a PC game is infected with malware

 by EP_X0FF ¦  Tue Aug 13, 2019 3:54 am ¦  Forum: Newbie Questions ¦  Topic: I want to ask someone to check if a PC game is infected with malware ¦  Replies: 1 ¦  Views: 746

Feel free to post more info about it.

Re: [REQUEST] The Rootkit Arsenal 2nd edition

 by EP_X0FF ¦  Sun Aug 11, 2019 3:09 am ¦  Forum: General Discussion ¦  Topic: [REQUEST] The Rootkit Arsenal 2nd edition ¦  Replies: 2 ¦  Views: 455

You googled it wrong.
http://venom630.free.fr/pdf/The.Rootkit ... dition.pdf

Almost everything from this "book" is out-dated trash and was out-dated at the moment of its release.

Re: Discovering footprints of loaded and unloaded kernel mode drivers

 by EP_X0FF ¦  Sun Aug 11, 2019 3:04 am ¦  Forum: Newbie Questions ¦  Topic: Discovering footprints of loaded and unloaded kernel mode drivers ¦  Replies: 3 ¦  Views: 471

It depends on what you want to achieve. Currently it looks like you are either a cheat or anti-cheat developer. No malware works in a different way.

Re: CVE-2018-8373 Exploit(s) / HTML_EXPLOIT.YYRV

 by EP_X0FF ¦  Tue Jul 30, 2019 5:10 pm ¦  Forum: Completed Malware Requests ¦  Topic: CVE-2018-8373 Exploit(s) / HTML_EXPLOIT.YYRV ¦  Replies: 1 ¦  Views: 2642

Old topic with no replies, moved to completed. If you still need this sample let us know and we will move this request back.

Re: x64 NDIS.sys pdb wanted

 by EP_X0FF ¦  Thu Jul 04, 2019 4:26 am ¦  Forum: Reverse Engineering and Debugging ¦  Topic: x64 NDIS.sys pdb wanted ¦  Replies: 4 ¦  Views: 3797

Attached are NDIS headers generated from the above PDB files with the help of wbenny's pdbex (https://github.com/wbenny/pdbex).

Windows 7 (7601)
Windows 8 (9200)
Windows 8.1 (9600)
Windows 10 (10240, 10586, 14393, 15063, 16299, 17134, 17763, 18362)

Re: why ExFreePool will blue screen

 by EP_X0FF ¦  Thu Jul 04, 2019 4:21 am ¦  Forum: Kernel-Mode Development ¦  Topic: why ExFreePool will blue screen ¦  Replies: 5 ¦  Views: 5083

I highly doubt he will read or answer you after more than 1 year has passed since this thread's last reply. Closed.

Re: My AV says my router is infected

 by EP_X0FF ¦  Thu Jul 04, 2019 2:51 am ¦  Forum: Newbie Questions ¦  Topic: My AV says my router is infected ¦  Replies: 9 ¦  Views: 2546

In your router manual.
