String analysis for n00bs
I like to demo this little Windows executable to everyone who thinks they are doing the reverse engineering bit right, by using available automated static and dynamic analysis tools, and trusting them...
DeXRAY v2.35
Today I got an updated version of DeXRAY from TheMythologist. He was kind enough to add code to support Fortinet quarantine files (using the maldump guys’ research as a base). Thanks to TheMythologist...
Hunting for the warez & other dodgy stuff people install / download, part 1
It is a sad IT fact, but employees install pirated/dodgy software on a regular basis and download & execute whatever they want. There is no way to stop them… other than implementing a very strict...
Hunting for the warez & other dodgy stuff people install / download, part 2
In the first part of this series we explored some basic search terms that can be used to find ‘unwanted’ software being installed on company endpoints. Today, I’d like to take this research a step...
Malware Source code string extraction
Every once in a while we put our hands on a source code corpus of some malware (thx vx-underground!). Whether it is a quality release or not, we don’t care, because we know we usually get a kinda...