More .NET malware analysis. In this post, we'll analyze another spearphishing email, this time masquerading as a mathematics paper and exploiting CVE-2017-11882, and we'll write some YARA rules for detecting it.
Showing posts with label malware.
Thursday, June 22, 2023
Saturday, January 21, 2023
Mm .. Malware Analysis
TL;DR: Analysis of malspam potentially targeting an organization. C#/.NET binary using KoiVM, process hollowing, and abusing the vulnerable procexp152.sys driver.
Labels: analysis, cryptography, csharp, dfir, dotnet, dotrunpex, malware, python, reverse engineering, windows
Using Python To Access archive.today, July 2025
It seems like a lot of the previous software wrappers to interact with archive.today (and archive.is, archive.ph, etc) via the command-line ...
Latin1 was the early default character set for encoding documents delivered via HTTP for MIME types beginning with /text . Today, only ...
From "Overfitting and the strong version of Goodhart's law" : Increased efficiency can sometimes, counterintuitively, lead to ...
Playing around with writing malware proof-of-concepts, running red and blue team simulations in my computer lab against Windows Home edition...