neonprimetime security, just trying to help

Tuesday, November 14, 2023

Detection Engineering stages of maturity: A Story

Detection Engineering stages of maturity, getting the most out of your SIEM, a story over time #detectionengineering #blueteam #siem The ...
Thursday, February 16, 2023

Redline Malware Malware Analysis Feb 16 2023

Started with this redline malware sample  https://www.joesandbox.com/analysis/808971/0/html Which the sandbox says dumps a bunch of child-...

CAB files FDICreate FDICopy

call ds:__imp__FDICreate (creates context for extracting Microsoft .CAB Cabinet files) ... push offset pszCabPath  call ds:__imp__FDICopy Y...

FindResourceA 0xa

v0 = FindResourceA(0, "UPROMPT", (LPCSTR)0xA); or push 0xA ; lpType push edi ; lpName push 0 ; hModule call ds:__imp__Findresourc...
Wednesday, February 15, 2023

Packer Process Injection - CreateProcessInternalW CREATE_SUSPENDED

CreateProcessInternalW CreationFlags: CREATE_SUSPENDED 0x00000004 Malware creating a process in a suspended state typically from a packer an...

VirtualProtectEx PAGE_EXECUTE_READWRITE

VirtualProtectEx Protection: PAGE_EXECUTE_READWRITE 0x40 in malware that almost always means "injected code"
Tuesday, February 14, 2023

IDA Pro - The graph is too big (more than 1000 nodes)

IDA Pro error The graph is too big (more than 1000 nodes) two options as to why the graph is "too big" 1) either it's obfusca...