neonprimetime security , just trying to help

Monday, November 12, 2018

IDA common locations to put breakpoints

I'm learning that if you're looking for somewhere to breakpoint in confusing malware try jmp eax ; // or any register for that m...

IDA Error "The instruction at ... referenced memory at ... The memory could not be written"

If you're running malware in IDA and get a error such as 8A1EE: The instruction at 0x8A1EE referenced memory at 0x0. The memory could ...

#phishingkit threat actor emails 2018-11-12

#phishingkit actor emails https://twitter.com/Techhelplistcom/status/1061885792027586560 185.52.3.156 http://routelabel.net hosting 12\1...

Friday, November 9, 2018

IDA Python bitwise NOT Decode malware strings

If you have an area in memory that is xor obfuscated debug007:0018FB06 db 9Ch ; œ debug007:0018FB07 db 1Ah and you have assembly code th...

IDA Python Xor Decode malware strings

If you have an area in memory that is xor obfuscated debug007:0018FB04 db 0CEh ; Î debug007:0018FB05 db 27h ; ' debug007:0018FB06 db ...

IDA Get String pointed to by Address

Related to this blog post https://neonprimetime.blogspot.com/2018/10/malwaretech-ida-python-cheatsheet.html and this https://neonprimetim...

IDA Python Get String pointed to by Register

Related to this blog post https://neonprimetime.blogspot.com/2018/10/malwaretech-ida-python-cheatsheet.html If you're in IDA and you ...

View web version

Powered by Blogger.