
malwarereversing.wordpress.com
malwarereversing | Malware reversing, security research, random things
http://malwarereversing.wordpress.com/
Malware reversing, security research, random things
TODAY'S RATING: >1,000,000
HIGHEST TRAFFIC ON: Friday
LOAD TIME: 0.4 seconds (0.396 sec)
PAGES IN THIS WEBSITE: 5
EXTERNAL LINKS: 16
SITE IP: 192.0.78.13
SCORE: 6.2
malwarereversing | Malware reversing, security research, random things | malwarereversing.wordpress.com Reviews
Volatility 2.0 Plugin Vscan | malwarereversing
https://malwarereversing.wordpress.com/2011/09/17/volatility-2-0-plugin-vscan
Volatility 2.0 Plugin Vscan. I came across a program the other day that is very powerful when it comes to IR (Incident Response). So wanting to learn more about the platform I dived right in and decided to create a plugin. What if you could automatically carve out a file from a memory image and submit said carving to an online virus scanning service? Or HB Gary Responder Pro. But built around Python. For those who don’t know what Volatility. Dumping ex...
Debugging Injected Code with IDA Pro | malwarereversing
https://malwarereversing.wordpress.com/2011/09/27/debugging-injected-code-with-ida-pro
Debugging Injected Code with IDA Pro. First off we need to find some malware that uses code injection. Code injection is usually done through the WriteProcessMemory API call through Windows. I’ve provided a sample here. Which just happens to be the shylock malware. That was posted recently at Contagio. 😛 You need to also make sure your vm is accessible from your host machine. I used 'Host-Only Networking'. Make sure your connection/paths are correct.
Zeus Analysis in Volatility 2.0 | malwarereversing
https://malwarereversing.wordpress.com/2011/09/23/zeus-analysis-in-volatility-2-0
Zeus Analysis in Volatility 2.0. Well I wanted to post another article about memory forensics with my favorite open source tool right now… Volatility. Can’t say enough great things about the documentation (very well written and expansive) and the community is very helpful in answering questions (even noobish ones). So after I read MHL’s Stuxnet Analysis with Volatility 2.0. The folks at Volatility. Volatile Systems Volatility Framework 2.0. C: RE vola...
Shylock In-Depth Malware Analysis | malwarereversing
https://malwarereversing.wordpress.com/2011/09/30/shylock-in-depth-malware-analysis
Shylock In-Depth Malware Analysis. We got a special piece of malware on the docket. Mila over @ contagiodump. Download the Shylock infected memory sample here. The dropper can be downloaded from here. If not exist "C: re shylock 4FDA5E7E8E682870E993F97AD26BA6B2" goto exit. Attrib -R -S -H "C: re shylock 4FDA5E7E8E682870E993F97AD26BA6B2". Erase "C: re shylock 4FDA5E7E8E682870E993F97AD26BA6B2". 3 sections are allocated into explorer.exe and a dll is ...
Heap Homework | malwarereversing
https://malwarereversing.wordpress.com/2011/05/15/heap-homework
MALLOC DES-MALEFICARUM (Phrack, BlackAngel). Ben Hawkes Vista Heap Attacks. Good overview of heap layout/attack vectors and recipes as he calls them to setup your heap state. Low Fragmentation Heap by Chris Valasek. Given in Argentina at Ekoparty? Same one was delivered at Blackhat USA 2010. Advanced Doug Lea’s malloc exploits (Phrack). Max’s Vudoo Paper in Phrack. Dion Blazakis JIT Spraying. Filling Adobe’s Heap. Once upon a free() (Phrack). Fill in your ...
TOTAL PAGES IN THIS WEBSITE
5
maliciousness: April 2011
http://ds-re.blogspot.com/2011_04_01_archive.html
This is my blog about malicious software, exploit related stuff, RE, etc etc etc. Monday, April 25, 2011. You can find an archive of challenges here. Tuesday, April 19, 2011. Breaking enfranced. A debugger and/or disassembler, a linux box or vm, and cygwin. This is a remote hackme challenge from Shmoocon 2010, hosted by Ghost in the Shellcode. You can find this bin here: http://capture.thefl.ag/2010/GitS/gits-static.tar. Enfrance@deb6: $ readelf -l enfrance grep STACK. Mov ebp, esp.
maliciousness: PDF analysis part 1
http://ds-re.blogspot.com/2011/01/pdf-analysis-part-1.html
Monday, January 24, 2011. PDF analysis part 1. Wanted to do a quick post on PDF analysis. This will be a 2 part post, I don’t have time to finish it this week because Shmoocon is this weekend and I need to do other things :) The sample I'm using can be found here. And using Didier Stevens' file format template found here. Those are probably NULLs, so it looked like an incrementing / decrementing 2 byte key, but I fiddled wit...
maliciousness: blog moving... maybe
http://ds-re.blogspot.com/2011/12/blog-moving-maybe.html
Monday, December 5, 2011. Blog moving... maybe. Trying out an opera blog, might be permanent, or perhaps I'll be back. We'll see.
maliciousness: pCTF 2011
http://ds-re.blogspot.com/2011/04/pctf-2011.html
Monday, April 25, 2011. You can find an archive of challenges here.
maliciousness: IDAPython script - finding mnemonics
http://ds-re.blogspot.com/2011/03/idapython-script-finding-mnemonics.html
Thursday, March 3, 2011. IDAPython script - finding mnemonics. Below is a quick idapython snippet to find specific mnemonics you may want to look for. Either replace " if (mnem = 'fldcw'):" with what you're looking for, or add more to the logic to search for multiple mnemonics. for seg_ea in Segments(): for head in Heads(seg_ea, SegEnd(seg_ea)): if (mnem == 'fldcw'): print 'fldcw at: 0x%x' % head.
maliciousness: February 2011
http://ds-re.blogspot.com/2011_02_01_archive.html
Friday, February 4, 2011. Shmoocon CTF 2011 files. GitSH said their files were posted but the links pulled up last year's when I tried it, so here's my archived copy: http://rapidshare.com/files/450613905/ShmooGiTS-2011.2010.7z. Edit: updated with one challenge that was missing, and included last year's files (2010). Cpy the addr of GetCmdLine into eax. Push addr of GetCommandLine. Cpy GetCommandLine's address to eax. If we ...
maliciousness: January 2011
http://ds-re.blogspot.com/2011_01_01_archive.html
Monday, January 24, 2011. PDF analysis part 1. Wanted to do a quick post on PDF analysis. This will be a 2 part post, I don’t have time to finish it this week because Shmoocon is this weekend and I need to do other things :) The sample I'm using can be found here. And using Didier Stevens' file format template found here. Those are probably NULLs, so it looked like an incrementing / decrementing 2 byte key, but I fiddled wit...
maliciousness: March 2011
http://ds-re.blogspot.com/2011_03_01_archive.html
Thursday, March 3, 2011. IDAPython script - finding mnemonics. Below is a quick idapython snippet to find specific mnemonics you may want to look for. Either replace " if (mnem = 'fldcw'):" with what you're looking for, or add more to the logic to search for multiple mnemonics. for seg_ea in Segments(): for head in Heads(seg_ea, SegEnd(seg_ea)): if (mnem == 'fldcw'): print 'fldcw at: 0x%x' % head.
maliciousness: December 2011
http://ds-re.blogspot.com/2011_12_01_archive.html
Monday, December 5, 2011. Blog moving... maybe. Trying out an opera blog, might be permanent, or perhaps I'll be back. We'll see.
TOTAL LINKS TO THIS WEBSITE
16
Technology & Internet Security | News & Guides
How to Change Your Homepage in Microsoft Edge. Oracle bundles Ask Adware in latest Java Mac installer. LightEater Malware Capable of Infecting Millions. Remove Privacy Switch Adware (Removal Guide). December 9, 2016. Click Here to Automatically Remove Privacy SwitchWant to remove Privacy Switch adware from your computer? This guide will help you…. Remove Zouron.com Pop-up (Tech Support Scam). December 9, 2016. Mac Malware Removal Instructions (Removal Guide). December 6, 2016. December 6, 2016. Click Her...
Malware Research
Nothing here yet. At least not on this page. Back to main menu.
MalwareResearch – Your Malware Research Experts
Your Malware Research Experts. Thanks for stopping by MalwareResearch.org. If you’re here that probably means your computer is acting odd and you need answers – and fast ones, too. We strive to help people get the information they need to protect their computers from and remove all kinds of malware including viruses, trojans, adware and hijackers. Take a look at the programs we have links to if you think you have been infected by malware. Have you found the information you were looking for? Is classified...
Malware Research | Reverse engineering, Malware analysis and Java concepts discussions
Reverse engineering, Malware analysis and Java concepts discussions. Hangout’s SMS integration – applying breaks on the SMS stealers. December 31, 2013. Not long ago, Google updated the Hangouts Android app to provide the ability to handle incoming and outgoing SMS, providing SMS integration. Typical workflow of a malicious SMS interceptor/interrupter which is used to defeat two factor authentication (One Time Password). This is where the recent update to Hangouts’ SMS integration proves handy....
Hover
This user has not enabled any redirections. Hover lets you easily create simple ways to access your digital life.
malwarereversing.wordpress.com
malwarereversing | Malware reversing, security research, random things
Shylock In-Depth Malware Analysis. • September 30, 2011 • 4 Comments. We got a special piece of malware on the docket. Mila over @ contagiodump. Download the Shylock infected memory sample here. The dropper can be downloaded from here. If not exist "C: re shylock 4FDA5E7E8E682870E993F97AD26BA6B2" goto exit. Attrib -R -S -H "C: re shylock 4FDA5E7E8E682870E993F97AD26BA6B2". Erase "C: re shylock 4FDA5E7E8E682870E993F97AD26BA6B2". 3 sections are allocat...
Malware Review.com - Review the latest Trojans, Malware, Viruses, Backdoors, Rootkits & More
Kindly search your topic below or browse the recent posts. Custom footer text left. Custom footer text right. Theme Powered by Wordpress.
Omaze
Skip to navigation 1. Skip to navigation 2. Play Wiffle Ball with Albert Pujols and Clayton Kershaw. Pujols Family Foundation & Kershaw’s Challenge. Throw Brandon Marshall His First TD Pass of the Season as a NY Jet. You Could Be In Star Trek Beyond. Blow Sh*t Up with Arnold Schwarzenegger. Become a Zombie in Call of Duty. Call of Duty Endowment. Be in an Episode of It's Always Sunny in Philadelphia! Hang with John Oliver on the Set of Last Week Tonight. Hang with Common on the Set of His Next Movie.
Malwarerid
Malwarerid.com is a guide to help people recover their computers from spyware, malware and other infections. We have been working in the cybersecurity industry for more than 5 years, and we have noticed that more and more sites and software are created only to rob you, or to confuse you and take your money. 27 February 2016 11:46. The Launchpage.org virus. 21 March 2017 08:53. The Launchpage.org virus has been active for more than 5 months and has evolved into... La estaf...
MalwareRid
5 July 2013 10:43. FBI Moneypak Virus is one of the most dangerous ransomware (software that demands a ransom); it locks the target computer's systems and tries to obtain money from its user. It uses the FBI's name and accuses you of having broken the law by watching or distributing files with pornographic content. According to the message from…. 10 July 2013 11:30. 3 September 2013 08:39. Ads by Cinemax Plus. 9 August 2015 08:48. Cinemax Plus is adware that is used for advertising campaigns. It is ...
MalwareRid
A gigantic malvertising attack compromised even the most trusted websites. Mamba Hacks San Francisco Railway System. The extensive attack on Android users has finally been stopped. Buzz about BuzzFeed getting hacked into by OurMine. Internet of Things’ Becomes the Most Recent Tool Exploited by Cyber Crooks. European Football Championships 2016 Makes Excellent Bait for Spam Campaigns. How to Access Safe Mode on Android OS. 12 January 2017. Plumbytes ...