+
DGA – Domain Generation Algorithm
Usually, malicious code connects to the C&C server via a domain or IP address. DGA – Domain Generation Algorithm is a technique employed by the malware …
September 12, 2019
Malware Analysis Archive
+
Memory Forensic
What is memory forensic? Memory forensics is forensic analysis of a computer‘s memory dump. Its primary application is investigation of advanced computer attacks which are stealthy enough to avoid leaving data on the …
July 29, 2019
+
Reversing with Radare2
Radare2 (also known as r2) is a complete framework for reverse-engineering and analyzing binaries; composed of a set of small utilities that can be used together …
April 1, 2019
+
Ghidra – Software Reverse Engineering Framework
What is GHIDRA? Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, …
March 12, 2019
+
ELF FILE – CHAPTER 3: DYNAMIC LINKER AND SOURCE CODE PROTECTION
Continue to research about ELF. Today I will analyze dynamic linker. Then, I will introduce some tools like obfuscator tool for ELF file. 1. DYNAMIC LINKER: …
October 18, 2018
+
ELF FILE – CHAPTER 2: RELOCATION AND DYNAMIC LINKING
In the previous chapter, I told about ELF file types, the components in ELF format and them’s struct. Today, I will show you the relocation process …
October 11, 2018
+
ELF FILE – CHAPTER 1: THE FILE FORMAT AND SOME TOOLS FOR ANALYSING
Hi, my friends. Today, I present about the ELF (Executable and Linking Format) format and introduce some tools. There are three main types of file: Relocatable …
October 4, 2018
+
New “Early Bird” Code Injection Technique
Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected …
April 17, 2018