SHELLCODE — A binary chunk of data that is hidden in malware which is used to do malicious task by performing techniques like process injection. Its a PIC (Position Independent code) which uses no hard-coded address, PIC means that it can be executed at any memory location. Shellcode can not use windows…

An open source automated malware analysis system. Throw any suspicious file at it and get a detailed report outlining the behavior of the file. Requirements Since Cuckoo is written in python you need the following python libraries for proper installation. sudo apt-get install python python-pip python-dev libffi-dev libssl-dev sudo apt-get install python-virtualenv…

Disassemblers like IDA pro are a great tool for static analysis to get an overview of the code and its functionality without running it, but what if the disassembler fails to disassemble a particular piece of code or displays you wrong instructions!!!…well in such cases there may be the usage…

Wannacry - A ransomware cryptoworm which affected more than 200,000 computers across 150 countries by encrypting data and demanding ransom payments in Bitcoin cryptocurrency. It spreads through network by exploiting a vulnerability in SMB(Server Message Block) protocol, MS17–010. Before analyzing this malware make sure you do these steps- Use virtual machine for your analysis. Don’t forget to take snapshot of…

A covert malware launching technique that uses windows process as a cloak. It is a process in which a remote process is forced to load a malicious DLL. Remote process could be any process. Example svchost.exe, explorer.exe. Okay..but what is a DLL?😐 DLL — Dynamic-Link Library — It is Microsoft’s…