--- This is the second part on the VirtualGuard Protector series which focuses on the virtualizat| mrT4ntr4's Blog
--- This part focuses more on the basic obfuscation techniques used in .Net samples such as Contr| mrT4ntr4's Blog
So recently a challenge(| mrT4ntr4's Blog
So recently a challenge(Layers) from 3kCTF featured control flow flattening using OLLVM. Although I did know about control flow flattening I hadn’t encountered it personally. And as I’ve been experime| mrT4ntr4's Blog
DarkCloud Stealer's delivery has shifted. We explore three different attack chains that use ConfuserEx obfuscation and a final payload in Visual Basic 6. The post New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer appeared first on Unit 42.| Unit 42
Recently, our team uncovered a particularly sneaky piece of malware tucked away in a place many WordPress users don’t even know exists: the mu-plugins folder. In fact, back in March, we saw a similar trend with hidden malware in this very directory, as detailed in our post Hidden Malware Strikes Again: MU-Plugins Under Attack. This current infection was designed to be quiet, persistent, and very hard to spot. ./wp-content/mu-plugins/wp-index.php For those unfamiliar, mu-plugins stands for ...| Sucuri Blog
In an extensive campaign affecting 270k webpages, compromised websites were injected with the esoteric JavaScript programming style JSF*ck to redirect users to malicious content. In an extensive campaign affecting 270k webpages, compromised websites were injected with the esoteric JavaScript programming style JSF*ck to redirect users to malicious content.| Unit 42
Uncover the dangers of a malicious plugin that can steal admin credentials and compromise your WordPress site security.| Sucuri Blog
Client-facing apps, by nature, contain blueprints on how to access guarded information, and these apps live in the hands of the public.| ITOps Times
As a reverse engineer, every now and then you encounter a situation where you dive deeper into the internal structures of an operating system as usual. Be it out of simple curiosity, or because you need to understand how a binary uses specific parts of the operating system in certain ways . One of the …PEB: Where Magic Is Stored Read More »| Malware and Stuff
In the last episode … As you’ve probably guessed it, this is the second part of my journey to reverse engineer a virtual machine protected binary. If you haven’t read the first part[1], I encourage you to do so, because I will not repeat everything again here. While the first part dealt with explaining the …Taming Virtual Machine Based Code Protection – 2 Read More »| Malware and Stuff
You probably already guessed it from the title’s name, API Hashing is used to obfuscate a binary in order to hide API names from static analysis tools, hindering a reverse engineer to understand the malware’s functionality. A first approach to get an idea of an executable’s functionalities is to more or less dive through the …Deobfuscating DanaBot’s API Hashing Read More »| Malware and Stuff
Overcoming obfuscation in binaries has always been an interesting topic for me, especially in combination with malware. Over the last weeks I’ve been playing around with Virtualised Code Protection in order to see how well I could handle it. I decided to download a simple crack-me challenge which is obfuscated with this technique. It takes …Taming Virtual Machine Based Code Protection – 1 Read More »| Malware and Stuff