Introduction I’m reasonably sure that anyone reading this particular article has heard about viruses, worms, trojans and malware; as well as numerous antivirus products like
Another excellent publisher has offered up a generous sample of a book we’ve been talking about. This is Chapter 12 from Practical Malware Analysis – The
Summary Android’s increasing popularity, combined with the possibility of creating alternative markets, makes this platform a fertile ground for malware authors. While most of these
This is the third article in a series on the topic of self-modifying code
For several years now, there has been an explosive increase in the use of mobile applications. Included in this staggering increase of mobile software are
Malware comes in different sizes and shapes. Trojans, worms, viruses, downloaders, and others are becoming more common than common cold medicine. These malware are mixed
Introduction: In my last article, we’d discussed the most important ways in which a rootkit enters a system and subsequently masks its presence so it
Part 1 is here: http://resources.infosecinstitute.com/writing-self-modifying-code-part-1/ All the code for this tutorial is on github. Links for particular components are interspersed, or you can just pull
We have seen our fair share of malware codes from time to time. With the help of disassemblers and debuggers, we have a shot of
To follow along with this tutorial, download all source files here In the first part of this tutorial, we’ll be making a basic C scaffold
Introduction A rootkit is a piece of software that is written by someone who, at the very least, wants to spy on specific system calls
Introduction In this paper we are going to talk about the Anticloud Trojan, also known as the TrojanDropper:Win32/Bohu.A and B variant. This malware originated in China
The advance in technology brought us mobile phones with almost the same power and features as our personal computers. Something that criminal minds will find
This tutorial will cover the process of writing a buffer overflow exploit for a known vulnerability in the Vulnserver application. This is the fifth article
Part Two in a multi-part series on holistic, multi-disciplinary analysis and reversing. You can read part one of this series here. The last post, “Mutex
Part One in a multi-part series on holistic, multi-disciplinary analysis and reversing. This post is based on a presentation I gave at the last Thotcon,
In the two years since the Win32/Olmarik family of malware programs (also known as TDSS, TDL and Alureon) started to evolve, its authors have implemented
On a daily basis, we are encountering thousands of new types of malware with unknown content. This malware can come from honeypots, infected websites or even
Part 1: Introduction and De-Obfuscating and Reversing the User-Mode Agent Dropper Part 2: Reverse Engineering the Kernel-Mode Device Driver Stealth Rootkit Part 3: Reverse Engineering
(quick plug – to all current & future reverse engineers – check out our Reverse Engineering Training Course. We’d love to publish your work next!) Part