Understanding Windows Registry
Let’s say a user just finished installing a piece of recommended software. They weren’t really familiar with the source, but the potential benefits would...
Malware analysis
Windows Internals for Malware Analysis
This article defines Windows internals and illustrates tools which can be used to explore Windows internal systems. We’ll be defining malware and describing...
Lampion malware: what it is, how it works and how to prevent it | Malware spotlight
The Lampion malware is spread through emails containing a link that downloads a .zip file with malicious files in it. It’s a banking Trojan: criminals developed...
Malware spotlight: Sodinokibi
Ransomware is not new at this point in time and will be with us for the foreseeable future, as new types of ransomware are constantly emerging. And sometimes,...
Networking Basics for Reverse Engineers
This article will define network reverse engineering, list tools used by reverse engineers for reverse engineering and then highlight the network basics required...
Stack Instructions
This article will introduce readers to the assembly concepts in relation to the stack. We will discuss basic concepts related to stack and various registers,...
Stepping
Single-stepping is one of the most powerful features of a debugger, as it allows a reverse engineer to execute a single instruction at a time before returning...
DLL Load Order Hijacking
DLL load order hijacking is a popular technique used to force a legitimate program to load a malicious DLL file in Windows by abusing Windows’ DLL load order...
Arithmetic Instructions
This article defines arithmetic instructions as executed by x86 processors. It goes on to describe in brief, four key classifications of arithmetic instructions:...
Malware spotlight: Nemty
If the last five years or so have proven anything, it is that ransomware is here to stay as a threat in the cybersecurity wild. This should not be used as...