Today during RSA Conference, the National Security Agency released their much-hyped Ghidra reverse engineering toolkit. Described as “A software reverse engineering (SRE) suite of
Category: Reverse Engineering

Recently I saw a story on SecurityWeek about how the Cerber ransomware morphs every 15 seconds (each download results in a file with a new hash),

Sorry for the longer than expected delay, occasionally the Dridex group will take the servers offline during the weekend and resume normal operations on Monday;

In the previous article we went over how to dump the names of the majority of functions Dridex resolves dynamically to complicate analysis. Today we will

Due to popular request I’m starting a new reverse engineering article series which will detail how I go about analyzing various samples, instead of just

Last week I received a tip about a sample displaying some indication that it could be peer-to-peer (a large amount of UDP traffic being sent to

In recent years I’ve noticed a shift in the malware economy from botnets to ransomware, which is likely due to the AV industry employing

Recently I installed Windows 10 RTM and while I was digging around I happened to notice some changes to the user mode portion of the

Usually I don’t post things like this, but because KiFastSystemCall hooking only works on x86 systems and doesn’t work on Windows 8 or above, it

Getting Original Pointers XP is a little more complicated than newer systems due to the use of a single driver for both port and miniport;