This very short post shows the Domain Generation Algorithm of BumbleBee, a loader for Cobalt Strike or other malware.| Binary Reverse Engineering Blog
Video that shows the DGA of the file infector m0yv and the results of sinkholing its domains for over a year.| Binary Reverse Engineering Blog
The Orchard malware uses a domain generation algorithm (DGA) that is seeded both by the current date and by the current balance of the Bitcoin genesis block.| Binary Reverse Engineering Blog
This blog post shows how the open source framework “binary refinery™” can extract the download URL of complicated TA551 malspam emails.| Binary Reverse Engineering Blog
Domain generation algorithms are relatively straightforward to program and usually bug-free. Not so the new DGA of BazarLoader, which goes haywire during the summer months.| Binary Reverse Engineering Blog
Bazar Loader decided to change its perfectly fine domain generation algorithm (DGA) once again. The change in the algorithm is very minor, but it yields more domain names.| Binary Reverse Engineering Blog
This blog post shows yet another domain generation algorithm of Bazar Loader. Although it still uses exclusively the .bazar top level domain and similar seeding, the algorithm itself is completely new.| Binary Reverse Engineering Blog
This blog post is about the faulty domain generation algorithm found in some BazarLoader samples. The DGA not only uses an invalid TLD, it also occasionally generates invalid characters for the second-level domain.| Binary Reverse Engineering Blog
In this post, we take a look at an anti-forensics technique that malware can leverage to hide injected DLLs. We dive into specific details of the Windows Process Environment Block (PEB) and how to abuse it to hide a malicious loaded DLL. Background: You may be wondering why you’re reading a post about Windows internals if I’m much more focused on cloud security these days. I initially wrote this blog post exactly 3 years ago, in April 2020. I got stuck at explaining why Process Hacker wou...| Christophe Tafani-Dereeper