New blog series on how threat actors abuse Cobalt Strike. This first part explains how to analyze, decode and parse Cobalt Strike payloads.
Follow us on our journey analyzing a Mongolian certificate authority breach and a certificate client backdoored with Cobalt Strike.
A new malware strain we discovered could be the reason why your antivirus doesn’t work anymore, especially if you have recently installed some popular software from a not-so-legal distribution.
Three measures of exploits, one of vulnerable drivers, half a measure of Delphi. Shake it very well until it's ice-cold, then add a large thin slice of VMProtect. Got it?
Reusing binary code from malware is one of my favorite topics. Binary re-engineering and being able to bend compiled code to your will is really just an amazing skill. Allow me to show you the way.
Writing a debugger for VB6 P-code has been something I have always wanted to do. Come and let me show you how far the rabbit hole goes.
Reversing VB6 in general, and P-Code in particular, has always been a problem area. Let's reveal the inner depths of VB6 P-Code disassembly and the VB6 runtime.
Code obfuscation is one of the cornerstones of malware. The harder code is to analyze, the longer attackers can fly below the radar and hide the full capabilities of their creations. Code obfuscation techniques are very old and take many, many forms, from source code modifications, opcode...
This is part one in a series of posts that focus on understanding Visual Basic 6.0 (VB6) code, and the tactics and techniques both malware authors and researchers use around it.
One specific malware family emphasizes how easy it can be to lose your cryptocurrency coins. It is called HackBoss - a simple yet very effective malware that has possibly stolen over $560,000 USD from the victims so far. And it’s mainly being spread via Telegram.