Simple No-meaning Assembly Omitter for IDA Pro (This is just a prototype) - tkmru/nao

extending IDA's string navigation capabilities. Contribute to Comsecuris/ida_strcluster development by creating an account on GitHub.

A mostly live demo of base concepts of malware analysis using a multitude of tools on a Dridex sample pulled from a phishing campaign from PDF attachment to executable installation. The main point is to show people some base tools to dive headfirst into analysis…

Modern development environments and debuggers enable us to spend much of our time writing and reading source code. This makes the life of a developer much easier and most of the time we can reason about our program solely based on the source code itself.…

Making programs run as efficiently as possible is a popular topic in C++; it being a fairly low-level language, it is indeed particularly well suited to mapping algorithms to the architecture that evaluates them with minimal overhead. Making that mapping…

Lenny Zeltser, Instructor / VP of Products, Minerva Labs & SANS

Knowing how to analyze malware has become a critical skill for security professionals. This fast-paced session explains how, armed with free tools, you can examine Windows malware in your own…

Contribute to theevilbit/injection development by creating an account on GitHub.

A helper noscript for unpacking and decompiling EXEs compiled from python code. - GitHub - WithSecureLabs/python-exe-unpacker: A helper noscript for unpacking and decompiling EXEs compiled from python...

Each year NSA puts out a challenge called Codebreaker that requires reverse engineering and exploitation skills. This year was designed around Android Apps and Public Key backdoors. The theme for 2017 was incident response, 2018 was ransomware recovery, and…

Smokeloader Malware Analysis
md5: 13E928FD0CC989BEAF07196FDC8D5BE2

In this article I going to ex...

Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories - malrev/ABD

The User-Agents.Net website provides various user agent lists and technical information about them

Python decompiler for 3.7-3.8 Stripped down from uncompyle6 so we can refactor and start to fix up some long-standing problems - rocky/python-decompile3

In this presentation, we provide the most comprehensive to-date "Windows process injection" collection of techniques - the first time such resource is available, that really covers all (or almost all) true injection techniques. We focus on Windows 10 x64…