Reverse Engineering

Malware Unpacking With Memory Dumps - Intermediate Methods (PE-sieve, Process Hacker, HxD and PE-bear)

Demonstrating three additional methods for obtaining unpacked malware samples, using Process Hacker, PE-sieve, HxD and PE-bear.

Unpacking .NET Malware With Process Hacker and dnSpy

Unpacking an AsyncRAT loader using Process Hacker and dnSpy.

Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and PowerShell

Decoding a Remcos loader, leveraging regex, Python and CyberChef to identify IOCs.

Understanding and Improving The Ghidra UI for Malware Analysis

Improving malware analysis workflows by modifying the default Ghidra UI.

Cobalt Strike .VBS Loader - Decoding with Advanced CyberChef and Emulation

Manually decoding a Cobalt Strike .vbs loader utilising advanced CyberChef and shellcode emulation.

Cobalt Strike Loader Deobfuscation Using CyberChef and Emulation (.hta files)

Decoding a .hta script with CyberChef and analysing shellcode with the SpeakEasy emulator.

Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function

Using Ghidra entropy analysis to identify a decryption function.

Decoding a Simple Visual Basic (.vbs) Script - DarkGate Loader

Demonstrating basic techniques for decoding a DarkGate .vbs loader.

Introduction to DotNet Configuration Extraction - RevengeRAT

Introduction to .NET configuration extraction, leveraging RevengeRAT and Python.