+
Using YARA to detect Malware
Have you ever wondered how malware is detected? How do malware scanners work? How does Gmail know that the suspicious attachment you got was “dangerous”? The …
March 12, 2020
Malware Analysis Archive
+
Utilize PowerShell without executing the powershell.exe binary
In recent times, I have learned about techniques in developing modern malware. One of those techniques was to utilize PowerShell without executing the powershell.exe binary. After …
March 5, 2020
+
Living Off the Land Techniques
1. What is Living off the Land? The use of Living off the Land (LotL) tactics and tools by cyber criminals has been a growing trend …
February 27, 2020
+
Adding code to a PE File – Add to an existing section
Hey guys, Adding code to a PE file is essential when we crack a program or add functionality to an application. In this post, you and …
February 12, 2020
+
FFSN – FAST-FLUX SERVICE NETWORKS
Fast-Flux is a DNS technique that involves frequent and rapid changing of the IP addresses associated with a Fully Qualified Domain Name (FQDN) by using a …
February 12, 2020
+
DGA – Domain Generation Algorithm
Usually, malicious code connects to the C&C server via a domain or IP address. DGA – Domain Generation Algorithm is a technique employed by the malware …
September 12, 2019
+
Memory Forensic
What is memory forensic? Memory forensics is forensic analysis of a computer‘s memory dump. Its primary application is investigation of advanced computer attacks which are stealthy enough to avoid leaving data on the …
July 29, 2019
+
Reversing with Radare2
Radare2 (also known as r2) is a complete framework for reverse-engineering and analyzing binaries; composed of a set of small utilities that can be used together …
April 1, 2019