neonprimetime security, just trying to help
Tuesday, October 30, 2018
Command and Control traffic in Assembly, Malware Reversing
This article from FireEye https://www.fireeye.com/blog/threat-research/2010/08/reversing-malware-command-control-sockets.html describ...
\\\\.\\PhysicalDrive0 and CreateFileA, MBR overwriting
If you see malware performing this action in Windows assembly push ... push ... push ... push ... push ... push ... push offset File...
GetMessageW, waiting for WM_QUIT or termination
In assembly, if you see pseudo code in Windows similar to this top: call GetMessageW test eax, eax jg listenForMore call D...
CreateThread for Monitoring
If you see this assembly call in Windows push ... push ... push ... push offset sub_xxxx push ... push ... call ds:CreateThread I...
Counting Processes and Watching for one to Die
This pseudo code may try to count the # of processes with a given name and if one of them is terminated, then the code will do something. F...
NtRaiseHardError, BSOD (Blue Screen of Death)
If you ever see Windows assembly code like this where it's adjusting privileges and then calling the undocumented function to Raise a Ha...
Tuesday, October 23, 2018
MalwareTech IDA Python Cheat Sheet
MalwareTech posted an amazing video for beginner reversing here on YouTube https://youtube.com/watch?v=w_rQJ7u-lpk My favorite part was ...