
Preet kamal

37 Followers

Published in Malware_Autopsy

·Jun 6, 2022

KERNEL DEBUGGING FOR MALWARE ANALYSIS

Kernel debugging is a method for reading data in kernel memory and analysing it to detect malicious activity. Note: the purpose of this post is to show how kernel debugging can be used to analyse kernel malware, not to give a full analysis of this sample. CREATING A DRIVER: First, the executable uses “CreateServiceA” to create…

Malware Analysis

4 min read


Published in Malware_Autopsy

·Mar 15, 2022

BASICS OF SHELLCODE ANALYSIS

SHELLCODE — A chunk of binary code hidden inside malware and used to carry out malicious tasks, for example through techniques like process injection. It is position-independent code (PIC): it uses no hard-coded addresses, so it can be executed at any memory location. Shellcode can not use windows…

Malware

3 min read


Dec 1, 2020

CUCKOO SANDBOX

An open source automated malware analysis system. Throw any suspicious file at it and get a detailed report outlining the behaviour of the file. Requirements: since Cuckoo is written in Python, you need the following packages installed first (these are the Python 2 packages; Cuckoo 2.x does not run on Python 3):
sudo apt-get install python python-pip python-dev libffi-dev libssl-dev
sudo apt-get install python-virtualenv…

Malware Analysis

4 min read


Feb 25, 2020

ANTI-DISASSEMBLY TECHNIQUES

Disassemblers like IDA Pro are a great tool for static analysis: they give an overview of the code and its functionality without running it. But what if the disassembler fails to disassemble a particular piece of code, or shows you the wrong instructions? Well, in such cases there may be the usage…

Malware Analysis

7 min read
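The excerpt above says a disassembler can be tricked into showing the wrong instructions. As an added example (not code from the post), here is one classic way that happens: a two-byte short jump lands in the middle of what a linear-sweep disassembler treats as a five-byte call, so the real instructions after the jump are never decoded, while a flow-following disassembler that starts from the jump target gets them right. The byte string is constructed for this example, the decoder understands only the handful of x86 opcodes it needs, and which anti-disassembly tricks the post itself covers is not something the excerpt shows.

```python
import struct

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]

# Constructed sample (not from the post): a 2-byte short jump skips over a stray
# 0xE8 byte. The CPU executes jmp -> xor -> mov -> ret; a linear sweep instead
# swallows the xor/mov bytes as the rel32 operand of a bogus call.
SAMPLE = bytes.fromhex(
    "EB01"          # 00: jmp short 0x03
    "E8"            # 02: junk byte, never executed (looks like the start of a call)
    "31C0"          # 03: xor eax, eax
    "B801000000"    # 05: mov eax, 1
    "C3"            # 0A: ret
)


def _modrm(modrm, regs):
    """Format the r/m, reg operands for the two addressing forms this toy needs."""
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod == 3:                       # register-direct
        return f"{regs[rm]}, {regs[reg]}"
    if mod == 0 and rm not in (4, 5):  # [reg] with no displacement (no SIB/disp32)
        return f"[{REG32[rm]}], {regs[reg]}"
    raise ValueError(f"unsupported ModRM 0x{modrm:02x}")


def decode_one(code, off):
    """Decode one instruction at `off`.

    Returns (text, length, branch_target_or_None, falls_through).
    Only the opcodes used by SAMPLE are understood; anything else raises.
    """
    op = code[off]
    if op == 0x90:
        return "nop", 1, None, True
    if op == 0xC3:
        return "ret", 1, None, False
    if op == 0xEB:                     # jmp rel8: unconditional, no fall-through
        rel = struct.unpack_from("<b", code, off + 1)[0]
        tgt = off + 2 + rel
        return f"jmp short 0x{tgt:02x}", 2, tgt, False
    if op == 0x74:                     # jz rel8: conditional, both paths live
        rel = struct.unpack_from("<b", code, off + 1)[0]
        tgt = off + 2 + rel
        return f"jz short 0x{tgt:02x}", 2, tgt, True
    if op == 0xE8:                     # call rel32 (target not followed by this toy)
        rel = struct.unpack_from("<i", code, off + 1)[0]
        return f"call 0x{(off + 5 + rel) & 0xFFFFFFFF:08x}", 5, None, True
    if op == 0xB8:                     # mov eax, imm32
        imm = struct.unpack_from("<I", code, off + 1)[0]
        return f"mov eax, 0x{imm:x}", 5, None, True
    if op == 0x31:                     # xor r/m32, r32
        return f"xor {_modrm(code[off + 1], REG32)}", 2, None, True
    if op == 0x00:                     # add r/m8, r8 (what the bytes 00 00 / 00 C3 decode to)
        return f"add {_modrm(code[off + 1], REG8)}", 2, None, True
    raise ValueError(f"unsupported opcode 0x{op:02x} at 0x{off:x}")


def linear_sweep(code):
    """Decode byte after byte from offset 0, ignoring control flow (objdump-style)."""
    out, off = [], 0
    while off < len(code):
        text, length, _, _ = decode_one(code, off)
        out.append((off, text))
        off += length
    return out


def flow_oriented(code, entry=0):
    """Decode by following control flow from `entry` (recursive descent, IDA-style)."""
    seen, out, work = set(), {}, [entry]
    while work:
        off = work.pop()
        while 0 <= off < len(code) and off not in seen:
            text, length, target, falls = decode_one(code, off)
            seen.add(off)
            out[off] = text
            if target is not None:
                work.append(target)
            if not falls:
                break
            off += length
    return sorted(out.items())


def hidden_by_linear_sweep(code):
    """Offsets of real instructions that a linear sweep never starts decoding at."""
    linear = {off for off, _ in linear_sweep(code)}
    return [off for off, _ in flow_oriented(code) if off not in linear]


if __name__ == "__main__":
    for name, listing in (("linear sweep", linear_sweep(SAMPLE)),
                          ("flow-oriented", flow_oriented(SAMPLE))):
        print(name)
        for off, text in listing:
            print(f"  {off:02x}: {text}")
    print("hidden from linear sweep:", [hex(o) for o in hidden_by_linear_sweep(SAMPLE)])
```

The linear listing shows a `call` at offset 2 followed by two nonsense `add` instructions, and never the `xor`, `mov` or `ret` that actually run; the flow-oriented listing starts decoding again at the jump target and recovers them. In a real disassembler the practical fix is the same thing this toy does by hand: undefine the bogus instruction and redefine code at the jump target.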


Dec 5, 2019

WannaCry Analysis

WannaCry - A ransomware cryptoworm that affected more than 200,000 computers across 150 countries by encrypting data and demanding ransom payments in Bitcoin. It spreads across the network by exploiting a vulnerability in the SMBv1 (Server Message Block) protocol, patched by Microsoft in MS17-010. Before analysing this malware, make sure you do these steps: use a virtual machine for your analysis; don’t forget to take a snapshot of…

Security

5 min read


Published in Malware_Autopsy

·Nov 29, 2019

DLL Injection

A covert malware-launching technique that uses a legitimate Windows process as a cloak: a remote process is forced to load a malicious DLL, so the malicious code then runs under that process’s name and privileges. The remote process could be any process, for example svchost.exe or explorer.exe. Okay..but what is a DLL?😐 DLL — Dynamic-Link Library — It is Microsoft’s…

Malware Analysis

4 min read
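Both the kernel-debugging excerpt above (a driver registered with “CreateServiceA”) and this DLL injection excerpt describe behaviour that shows up in an API-call trace before you ever attach a debugger. Here is an added example, not code from either post, of detection logic that walks such a trace: it flags a CreateServiceA/W call whose dwServiceType is SERVICE_KERNEL_DRIVER (0x1), and the ordered OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread sequence that classic LoadLibrary-based injection performs against one target process. The log lines and their key=value format are constructed for the example; neither excerpt shows this format or names these APIs beyond CreateServiceA.

```python
SERVICE_KERNEL_DRIVER = 0x1   # dwServiceType value for a kernel-mode driver service

# Calls that, in this order against one target process, make up classic
# CreateRemoteThread/LoadLibrary DLL injection.
INJECT_SEQUENCE = ("OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread")

# Constructed sample log (not from the posts). The format is an assumption: one
# API call per line as key=value tokens. To keep the example short, hProcess
# carries the target pid rather than a handle value.
SAMPLE_LOG = """\
pid=4120 api=CreateServiceA lpServiceName=hidddrv dwServiceType=0x1 dwStartType=0x3 lpBinaryPathName=C:\\Windows\\Temp\\hidd.sys
pid=4120 api=StartServiceA lpServiceName=hidddrv
pid=4120 api=OpenProcess dwDesiredAccess=0x1F0FFF dwProcessId=1568
pid=4120 api=VirtualAllocEx hProcess=1568 dwSize=0x24 flProtect=0x4
pid=4120 api=WriteProcessMemory hProcess=1568 lpBuffer=C:\\Users\\Public\\evil.dll
pid=4120 api=GetProcAddress hModule=kernel32.dll lpProcName=LoadLibraryA
pid=4120 api=CreateRemoteThread hProcess=1568 lpStartAddress=LoadLibraryA
pid=2200 api=OpenProcess dwDesiredAccess=0x0400 dwProcessId=1568
pid=2200 api=ReadProcessMemory hProcess=1568
"""


def parse_log(text):
    """Turn the key=value lines into a list of dicts, preserving call order."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        calls.append(dict(tok.split("=", 1) for tok in line.split()))
    return calls


def detect_driver_services(calls):
    """Flag CreateServiceA/W calls that register a kernel driver (dwServiceType == 0x1)."""
    hits = []
    for c in calls:
        if c.get("api") not in ("CreateServiceA", "CreateServiceW"):
            continue
        if int(c.get("dwServiceType", "0"), 16) == SERVICE_KERNEL_DRIVER:
            hits.append((int(c["pid"]), c.get("lpServiceName"), c.get("lpBinaryPathName")))
    return hits


def detect_dll_injection(calls):
    """Flag a process that walks INJECT_SEQUENCE, in order, against one target pid."""
    progress = {}      # (injector pid, target pid) -> index of the next expected call
    resolved = set()   # injector pids that looked up LoadLibraryA/W via GetProcAddress
    hits = []
    for c in calls:
        pid, api = c["pid"], c.get("api")
        if api == "GetProcAddress" and c.get("lpProcName", "").startswith("LoadLibrary"):
            resolved.add(pid)
            continue
        if api == "OpenProcess":
            progress[(pid, c.get("dwProcessId"))] = 1
            continue
        key = (pid, c.get("hProcess"))
        step = progress.get(key)
        if step is None or api != INJECT_SEQUENCE[step]:
            continue          # unrelated or out-of-order call: state is unchanged
        step += 1
        if step < len(INJECT_SEQUENCE):
            progress[key] = step
            continue
        del progress[key]     # full sequence seen: report and reset for this target
        start = c.get("lpStartAddress", "")
        hits.append({
            "pid": int(pid),
            "target": int(key[1]),
            "via_loadlibrary": start.startswith("LoadLibrary") or pid in resolved,
        })
    return hits


if __name__ == "__main__":
    calls = parse_log(SAMPLE_LOG)
    for pid, name, path in detect_driver_services(calls):
        print(f"pid {pid} registered kernel driver service {name!r} from {path}")
    for hit in detect_dll_injection(calls):
        print(f"pid {hit['pid']} injected into pid {hit['target']} "
              f"(LoadLibrary thread start: {hit['via_loadlibrary']})")
```

The detector is deliberately order-aware: pid 2200 also opens the same target and reads its memory, which is what a debugger or a monitoring tool does, and it is not reported because it never allocates, writes and starts a thread in that process. When you do move to the kernel debugger, the driver service hit tells you which service and image path to look for in the loaded module list.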

Security Analyst @IBM https://www.linkedin.com/in/preet-kamal-b61385132/
