A forum for reverse engineering, OS internals and malware analysis 

Search found 14 matches

 Go to advanced search

Re: VBOX Sandbox Escape - Guest to Host

 by h00key ¦  Sat Nov 10, 2018 8:52 pm ¦  Forum: General Discussion ¦  Topic: VBOX Sandbox Escape - Guest to Host ¦  Replies: 1 ¦  Views: 1229

Re: Why is Malware in C++ (Hard) and not simple Python

 by h00key ¦  Sat Dec 03, 2016 12:32 pm ¦  Forum: Newbie Questions ¦  Topic: Why is Malware in C++ (Hard) and not simple Python ¦  Replies: 20 ¦  Views: 30450

I guess Python might have some use among Linux/Unix (server) malware creators. Those systems often have Python interpreter installed (unlike Windows), might be non-x86, might have slight differences in APIs (BSD vs Linux vs HP-UX...) and system level access may not be very necessary. Just my 2cents....

Re: Windows Spyware KB List

 by h00key ¦  Sat Dec 03, 2016 10:07 am ¦  Forum: Tools/Software ¦  Topic: Windows Spyware KB List ¦  Replies: 7 ¦  Views: 30684

Looks like the November 2016 cumulative security update for Windows 7 (KB3197868) installs the diagtrack service. To check: sc query diagtrack To disable: sc config diagtrack start= disabled (Note the space after "=") Or, delete: sc delete diagtrack Has anyone found out if it brings other nasty stuf...

Re: Gmail spam/phishing?

 by h00key ¦  Sat Jan 09, 2016 8:06 pm ¦  Forum: General Discussion ¦  Topic: Gmail spam/phishing? ¦  Replies: 2 ¦  Views: 9150

I remember getting this sort of spam years ago. If the Gmail spam filter doesn't detect them, one quick n dirty solution is to make a filter that puts all incoming messages that have your own address as sender to trash. You don't usually need to send messages to yourself so it only affects spam.

Re: Favorite Rogue Av

 by h00key ¦  Sat Jan 09, 2016 8:03 pm ¦  Forum: General Discussion ¦  Topic: Favorite Rogue Av ¦  Replies: 5 ¦  Views: 12471

Good old ErrorSafe :P

Re: Windows Spyware KB List

 by h00key ¦  Thu Dec 31, 2015 10:02 am ¦  Forum: Tools/Software ¦  Topic: Windows Spyware KB List ¦  Replies: 7 ¦  Views: 30684

Besides going through the list of bad updates, is there an easy way to check the existence of the spy features? At least these can be done: 1. Check the existence of GWXUXWorker.exe as instructed by EP_X0FF (Windows 7/8/8.1): If KB3035583 failed to completely remove files - go to %systemroot%\System...

Re: [Poll] What is your home AV? (part II)

 by h00key ¦  Thu Mar 26, 2015 8:58 pm ¦  Forum: General Discussion ¦  Topic: [Poll] What is your home AV? (part II) ¦  Replies: 22 ¦  Views: 36813

Avast! because it is the least bad of the 3+1 big free AVs. Unfortunately even it is not free of bloat and various kinds of social media garbage anymore.

Re: Diaphora

 by h00key ¦  Thu Mar 26, 2015 8:53 pm ¦  Forum: Tools/Software ¦  Topic: Diaphora ¦  Replies: 1 ¦  Views: 6190

Sounds interesting. Does this work in the freeware edition (5.xx whatever)? Gonna test if it works...

Re: Anti-malwares for Win98SE ?

 by h00key ¦  Wed Feb 25, 2015 1:51 pm ¦  Forum: Tools/Software ¦  Topic: Anti-malwares for Win98SE ? ¦  Replies: 9 ¦  Views: 12615

I suggest old versions too, as malware on W98 isn't likely very new.

Is F-PROT still available for DOS based Windows?

How about ClamAV? My friend used it on 98 a few years ago. Don't know about its detection capabilities however.

Reformatting is of course easiest.

Re: VBoxAntiVMDetectHardened mitigation X64 only (14/02/15)

 by h00key ¦  Sun Feb 15, 2015 11:06 pm ¦  Forum: Tools/Software ¦  Topic: VBoxAntiVMDetectHardened mitigation X64 only ¦  Replies: 249 ¦  Views: 1747603

Has anyone considered forking VBox source and removing the "hardenings" to make a version suitable for malware analysis? It would cause problems with driver signing I guess? And of course lots of work as well.

Just my random 2 cents...