More .NET malware analysis. In this post, we'll analyze another spearphishing email; this time the lure masquerades as a mathematics paper and exploits CVE-2017-11882. We'll also write some YARA rules for detecting it.
Showing posts with label analysis.
Thursday, June 22, 2023
Wednesday, March 01, 2023
Linear Sweeping vs Recursive Disassembly
Objdump's linear sweep
While objdump's linear sweep makes it fast, there are trade-offs. For example, if we construct a Linux executable with strings inserted into various headers, objdump will, unsurprisingly, blindly misinterpret those bytes as instructions.
Saturday, January 21, 2023
Mm .. Malware Analysis
TL;DR: Analysis of malspam potentially targeting an organization. A C#/.NET binary using KoiVM, process hollowing, and abusing the vulnerable procexp152.sys driver.
Using Python To Access archive.today, July 2025
It seems like a lot of the previous software wrappers to interact with archive.today (and archive.is, archive.ph, etc) via the command-line ...
Latin1 was the early default character set for encoding documents delivered via HTTP for MIME types beginning with /text . Today, only ...
From "Overfitting and the strong version of Goodhart's law" : Increased efficiency can sometimes, counterintuitively, lead to ...
Playing around with writing malware proof-of-concepts, running red and blue team simulations in my computer lab against Windows Home edition...