The DirtyMoe malware is a complex malicious backdoor employing various self-protection and anti-forensics mechanisms. One of the more significant safeguards is a rootkit. The next article of the DirtyMoe series explains rootkit functionality in detail.
The Magnitude exploit kit, originally known as PopAds, has been around since at least 2012, which is an unusually long lifetime for an exploit kit. However, it’s not the same exploit kit today that it was nine years ago. Pretty much every part of Magnitude has changed multiple times since then. The...
New blog series on how threat actors abuse Cobalt Strike. This first part explains how to analyze, decode and parse Cobalt Strike payloads.
Follow us on our journey analyzing a Mongolian certificate authority breach and a certificate client backdoored with Cobalt Strike.
A new malware strain we discovered could be the reason why your antivirus doesn’t work anymore, especially if you have recently installed some popular software from a not-so-legal distribution.
Three measures of exploits, one of vulnerable drivers, half a measure of Delphi. Shake it very well until it's ice-cold, then add a large thin slice of VMProtect. Got it?
Reusing binary code from malware is one of my favorite topics. Binary re-engineering and being able to bend compiled code to your will is really just an amazing skill. Allow me to show you the way.
Writing a debugger for VB6 P-code has been something I have always wanted to do. Come and let me show you how far the rabbit hole goes.
Reversing VB6 in general, and P-Code in particular, has always been a problem area. Let's reveal the inner depths of VB6 P-Code disassembly and the VB6 runtime.