MalwareTech

Investigating Command and Control Infrastructure (Emotet)

13 November 2017 at 09:37

Although the majority of botnets still use a basic client-server model, with most relying on HTTP servers to receive commands, many prominent threats now use more advanced infrastructure to evade endpoint blacklisting and be resilient to take-down. In this article I will go through and explain my process of identifying …

The post Investigating Command and Control Infrastructure (Emotet) appeared first on MalwareTech.

Best Languages to Learn for Malware Analysis

19 March 2018 at 09:44

One of the most common questions I’m asked is “what programming language(s) should I learn to get into malware analysis/reverse engineering”. To answer this question, I’m going to write about the top 3 languages which I’ve personally found most useful. I’ll focus on native malware (malware which does not require …


Tracking the Hide and Seek Botnet

9 January 2019 at 23:19

Hide and Seek (HNS) is a malicious worm which mainly infects Linux based IoT devices and routers. The malware spreads via bruteforcing SSH/Telnet credentials, as


Analyzing a Windows DHCP Server Bug (CVE-2019-0626)

1 March 2019 at 00:35

Today I’ll be doing an in-depth write up on CVE-2019-0626, and how to find it. Due to the fact this bug only exists on Windows


Video: First Look at Ghidra (NSA Reverse Engineering Tool)

6 March 2019 at 02:29

Today during RSA Conference, the National Security Agency released their much-hyped Ghidra reverse engineering toolkit. Described as “A software reverse engineering (SRE) suite of


Analysis of a VB Script Heap Overflow (CVE-2019-0666)

2 April 2019 at 22:41

Anyone who uses RegEx knows how easy it is to shoot yourself in the foot; but, is it possible to write RegEx so badly that


Analysis of CVE-2019-0708 (BlueKeep)

31 May 2019 at 22:01

I held back this write-up until a proof of concept (PoC) was publicly available, so as not to cause any harm. Now that there are multiple


YouTube’s Policy on Hacking Tutorials is Problematic

3 July 2019 at 23:57

Recently YouTube changed its policy on “hacking” tutorials to an essentially blanket ban. In the past, such content was occasionally removed under YouTube’s broad “Harmful


DejaBlue: Analyzing a RDP Heap Overflow

19 August 2019 at 16:23

In August 2019 Microsoft announced it had patched a collection of RDP bugs, two of which were wormable. The wormable bugs, CVE-2019-1181 & CVE-2019-1182, affect


BlueKeep: A Journey from DoS to RCE (CVE-2019-0708)

6 September 2019 at 23:21

Due to the serious risk of a BlueKeep based worm, I’ve held back this write-up to avoid advancing the timeline. Now that a proof-of-concept for


How I Found My First Ever ZeroDay (In RDP)

31 December 2020 at 23:36

Up until recently, I’d never tried the bug hunting part of vulnerability research. I’ve been reverse engineering Windows malware for over a decade, and I’d


An in-depth look at hacking back, active defense, and cyber letters of marque

17 November 2021 at 19:16

There has been much discussion in cyber security about the possibility of enabling the private sector to engage in active cyber defense, or colloquially “hacking


[Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis

23 April 2022 at 21:13

Walking through my process of how I use patch analysis and reverse engineering to find vulnerabilities, then evaluate the risk and exploitability of bugs.


[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)

3 May 2022 at 01:22

An introduction to Use-After-Free exploitation and walking through one of my old challenges.

Challenge Info: https://www.malwaretech.com/challenges/windows-exploitation/user-after-free-1-0
Download Link: https://malwaretech.com/downloads/challenges/UserAfterFree2.0.rar
Password: MalwareTech

