Posted Updated Binary Exploitation8 minutes read (About 1215 words)

Testing Linux Heap exploits on different Glibc version (with source-level debugging setup)

Recently I am learning about Linux Heap exploitation and I came across some really good Phrack papers and blogs which explained different type of attacks in varying conditions, I have included the link of these blogs and papers in the next section. I also came across an amazing GitHub project How2Heap by shellpish team, this project has the example exploit code for various heap exploitation technique of different versions of Glibc out there in public, which help me to get a better understanding of how those attacks played out. That project also included a script to build Glibc with any version of your choice and test the exploit on that version.

Read more
Posted Updated Malware Analysis11 minutes read (About 1665 words)

Analyzing the Windows LNK file attack method

Recently a friend of mine shared an interesting Malicious sample, it was a Microsoft shortcut file (LNK file) which after clicking(execution) lead to infection, although I was not aware of this type of attack vector before doing a basic research on google I was surprised that there is an increase in this type of attacks since 2017. In this post we will Analysis the LNK file malware and uncover how attacker uses multiple layers of obfuscation to evade AV and finally dropping malicious binary, we will also look into how to de-obfuscate each layer and understand what the code is doing.

Read more
Posted Updated Malware Analysis14 minutes read (About 2137 words)

Unpacking Grey Energy malware (Service Application DLL)

Recently I stumbled upon malware sample which was part of Grey Energy malware campaign targeting Ukraine energy infrastructure. I ran the hash of the file on virutotal and many of the antiviruses tagged it Grey Energy and I tried to do a little more internet research but didn’t find and analysis on it. As there was no post on this sample so I decided to write one.
In the post you will learn the following:

  1. How to debug Windows Service Application DLL
  2. Learn how to use a EBFE debugging technique
  3. Unpacking a DLL binary
  4. How to dump an unpacked in-memory executable

File hash : 15a6f734ca79efc027000dd12f4d3870ccc9f604517b0e700c05b961659308d1

Read more
Posted Updated Malware Analysis25 minutes read (About 3757 words)

Gandcrab v5.0.3 detail analysis of javascript delivery payload

Recently a friend of mine shared with me a Javascript file which on execution resulted in machine been infected by GandCrab ransomeware. Initial through was that it must be the Javascript implementation of ransomeware, but assumption tuned out to be wrong, the code was actually heavily obfuscated and it dropped the actual GandCrab binary (v5.0.3) which did the encryption. The Javascript code did lots of other technology like using Powershell script and ActiveXObject in order to evade detection.

Read more
Posted Updated Reverse Engineering7 minutes read (About 1000 words)

Setting up Windows 7 Machine for Kernel Debugging

Recently when I was trying to debug a malicious Windows driver and I had to setup kernel debugging environment, there were various tutorial I found using various configuration VMware, network based. But I wanted something quick and dirty which is what my setup is.

Read more
Follow

Categories

Tags

ACS7121
Arduino5
Bare-Metal1
CTF14
Chat Bots2
Classification1
Data Wrangling3
Dev1
Dropper1
ESP82662
Editor1
Emacs1
Exploitation2
GandCrab1
Grey Energy1
Heap Exploitation4
Kernel Debugging1
Linux16
Linux Malware3
Malware Analysis3
Python5
ROP1
Regression1
Reverse Engineering1
Visualization1
WarGames5
Windows Malware3
Windows Reversing1
glibc1
javascript obfuscation1
pwnable13
pwnable-kr7
pwnable-tw6
radare24

Recents

Archives

Your browser is out-of-date!

Update your browser to view this website correctly.&npsb;Update my browser now

×

×