A forum for reverse engineering, OS internals and malware analysis 

Search found 26 matches

Re: New discord server for passionates

 by driverobject ¦  Fri Dec 21, 2018 4:04 pm ¦  Forum: General Discussion ¦  Topic: New discord server for passionates ¦  Replies: 1 ¦  Views: 2526

It's offline?

Re: Hacking Team RCS and other tools

 by driverobject ¦  Tue Jul 07, 2015 11:02 am ¦  Forum: Malware ¦  Topic: Hacking Team RCS and other tools ¦  Replies: 12 ¦  Views: 15390

Thank you as always great information.

Re: Hacking Team RCS and other tools

 by driverobject ¦  Tue Jul 07, 2015 6:04 am ¦  Forum: Malware ¦  Topic: Hacking Team RCS and other tools ¦  Replies: 12 ¦  Views: 15390

yeah, did they actually have 0 days and a solid malware or just good enough malware? teaching those agencies how to send good phishing emails with known document exploits? btw I'm still trying to download a magnet link to the files, it's been 8 hours still downloading metadata :) any better way to d...

Hacking Team RCS and other tools

 by driverobject ¦  Mon Jul 06, 2015 10:41 pm ¦  Forum: Malware ¦  Topic: Hacking Team RCS and other tools ¦  Replies: 12 ¦  Views: 15390

Some of the claims by these guys seem to be way too long a shot such as decrypting PGP and others. While malware installed on a system could gain access to the unencrypted traffic, can anybody here actually confirm there is merit to some of the overblown features they are talking about? This comes t...

Infecting your own machine

 by driverobject ¦  Tue Oct 28, 2014 3:57 pm ¦  Forum: Newbie Questions ¦  Topic: Infecting your own machine ¦  Replies: 2 ¦  Views: 3810

Is there a good resource on the web that not only hands out malware samples but also provides instructions for successful infection as well? Excuse the dummy question, but what I'd like to know or get better at is keep improving incident response and manual detection skills with the latest threats i...

Re: Difference between an IOCTL and an IRP

 by driverobject ¦  Wed Nov 24, 2010 4:54 am ¦  Forum: Newbie Questions ¦  Topic: Difference between an IOCTL and an IRP ¦  Replies: 6 ¦  Views: 8416

Thank you for the details, I was aware of the ReadFile translating to .._READ eventually. However I'm still not clear as to the fundamental difference in doing IO with the 2 different mechanisms.

Re: Difference between an IOCTL and an IRP

 by driverobject ¦  Tue Nov 23, 2010 11:03 pm ¦  Forum: Newbie Questions ¦  Topic: Difference between an IOCTL and an IRP ¦  Replies: 6 ¦  Views: 8416

So how do you differentiate between the two? Is it used as a way to easily send an arbitrary number of commands to a driver, instead of creating your own messaging mechanism that would use IRP_MJ_READ and WRITE? What is the difference in sending an IRP_MJ_WRITE and an IOCTL that would to the write a...

Re: Device Driver Development for Beginners - Reloaded

 by driverobject ¦  Mon Nov 15, 2010 11:04 am ¦  Forum: Kernel-Mode Development ¦  Topic: Device Driver Development for Beginners - Reloaded ¦  Replies: 24 ¦  Views: 108357

Seems to me that VisualDDK does the whole job with prereqs in place. Is there a reason to install the DDKWizard? Or is it choose between the two?

Thanks..

Source code for rootkits/antirootkits

 by driverobject ¦  Thu Nov 11, 2010 7:59 am ¦  Forum: Newbie Questions ¦  Topic: Source code for rootkits/antirootkits ¦  Replies: 6 ¦  Views: 15495

Hi all,

Is there a repository for the rootkits/antirootkits source code?

Thanks,

Re: IdaPro question

 by driverobject ¦  Wed Nov 10, 2010 3:51 pm ¦  Forum: Reverse Engineering and Debugging ¦  Topic: IdaPro question ¦  Replies: 6 ¦  Views: 9058

Thanks a lot, much appreciated.