AppliedCryptoHardening
https://bettercrypto.org/static/applied-crypto-hardening.pdf
Borrowing microsoft code signing certificates
https://blog.conscioushacker.io/index.php/2017/09/27/borrowing-microsoft-code-signing-certificates/
https://thisissecurity.stormshield.com/2017/09/28/analyzing-form-grabber-malware-targeting-browsers/
Analyzing a form-grabber malware - This is Security :: by Stormshield
Introduction As a new member of the Stormshield Security Intelligence team, my initiation ritual was to analyze a form-grabber malware used to steal passwords thanks to web-browser injection method. In this article I’ll try to present a detailed analysis…
https://github.com/nccgroup/DriverBuddy
This IDA plugin is a helper for reverse engineering drivers:
Identifying the type of driver
Locating DispatchDeviceControl and DispatchInternalDeviceControl functions
Populating common structs for WDF and WDM drivers
Attempts to identify and label structs like the IRP and IO_STACK_LOCATION
-> Labels calls to WDF functions that would normally be unlabeled
Finding known IOCTL codes and decoding them
Flagging functions prone to misuse
GitHub - nccgroup/DriverBuddy: DriverBuddy is an IDA Python script to assist with the reverse engineering of Windows kernel drivers.