Category Archives: Tutorial
Tutorial: unpacking executables with TinyTracer + PE-sieve
Covers: automatic OEP finding, reconstructing the IAT, avoiding anti-debug checks, and fixing imports broken by shims. In this short blog post I would like to demonstrate how to unpack an executable with PE-sieve and Tiny Tracer. As an example, let’s use the …
Posted in Malware, Tools, Tutorial
Tagged HollowsHunter, PE-bear, PE-sieve, TinyTracer
Flare-On 11 – Task 10
Flare-On is an annual CTF run by the Mandiant FLARE team. In this series of writeups I present solutions to some of my favorite tasks from this year. All the source code is available on my GitHub, in a dedicated repository: flareon2024. The …
Magniber ransomware analysis: Tiny Tracer in action
Intro: Magniber is a ransomware that initially targeted South Korea. My first report on this malware was written for Malwarebytes in 2017 (here). Since then, the ransomware has been completely rewritten and turned into a much more complex beast. The …
Ida tips: how to use a custom structure
Applying custom structures makes the result of decompilation much more readable. This is how the same fragment of code looks before and after proper structures are applied (Before/After screenshots). In this short post, I will demonstrate how to add …
Python scripting for WinDbg: a quick introduction to PyKd
PyKd is a plugin for WinDbg that allows running Python scripts. It can be very helpful, e.g. for tracing and deobfuscating obfuscated code. In this small tutorial I will demonstrate how to install it and make everything work. …
Posted in Tools, Tutorial
Flare-On 7 – Task 9
This year’s FlareOn was very interesting. I managed to finish it in 87th place. In this small series I will describe my favorite tasks and how I solved them. I hope to provide some educational value for others, so this …
How to compile a PIN tool using Visual Studio 2017
UPDATE: the problems described here in compiling the default PIN projects seem to be fixed in the new PIN release: 3.10. PIN (by Intel) is a great platform for dynamic binary instrumentation. I use it daily for tracing and deobfuscating …
Posted in Tutorial
Unpacking a malware with libPeConv (Pykspa case study)
In one of the recent episodes of “Open Analysis Live!” Sergei demonstrated how to statically unpack the Pykspa malware using a Python script. If you haven’t seen this video yet, I recommend watching it; it is available here – …
Starting with Windows Kernel Exploitation – part 3 – stealing the Access Token
Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in the form of a blog. In the previous parts I showed how to set up the environment. Now we will get familiar with the …