Malware Analysis

Dive into dynamic malware analysis techniques, from ProcMon to Wireshark, to unravel malicious code behavior in real-time.

ROP is an advanced exploit technique, bypassing DEP & ASLR by chaining code snippets (gadgets) for arbitrary code execution without new executable code.

This article explores advanced static malware analysis techniques, including file format analysis, strings analysis, control flow graph reconstruction, disassembly and reverse engineering, signature-based detection, and indicators of compromise, providing practical examples and tool recommendations for professional hackers, pen testers, and red teamers.

This article delves into malware obfuscation, discussing various techniques, tools, and best practices used by red teams and penetration testers, along with real-world examples and code samples, to create evasive and resilient malware that can bypass security measures and remain undetected.

This article provides an in-depth overview of advanced malware analysis techniques, including manual and automated disassembly, decompilers, debuggers, and dynamic binary instrumentation (DBI), with examples of tools and outputs provided for each technique.

This article explores advanced heap spraying techniques used by red teams and pen testers to exploit vulnerabilities in software applications, including non-ASLR and ASLR-based heap spraying, and Unicode heap spraying, with real-world examples and tools.

This article introduces and explains exploit development techniques, best practices, and examples for a technical audience of red teams and pen testers.

This article discusses advanced malware analysis techniques focusing on dynamic analysis and provides real-world examples and code samples for techniques such as memory analysis, network monitoring, and debugging.

This article provides an overview of the inner workings of ransomware, analyzes real-world examples, and provides techniques for preventing and mitigating ransomware attacks.

A working primer on static and dynamic PE analysis from the operator’s seat. What an EDR actually sees when your payload lands on disk, why your IAT and entropy and PDB paths are doing most of the talking, and a self-audit loop that catches the obvious tells before the payload ever touches a customer machine.

PE/ELF/Mach-O structure, x86/x64 assembly, disassembly versus decompilation, dynamic analysis with debuggers and Frida, and the anti-RE tricks you’ll meet on the way.