Windows 10 PE image loader (LDR) NTDLL component toolbox - andrew-boyarshin/LoaderWatch

Corelan Cyber Security Research Exploit Development Tutorials Training Infosec Training corelanc0d3r

The Home of the Hacker - Malware, Reverse Engineering, and Computer Science.

In this video, I analyze a malicious HTA document that I found on VirusTotal.

SHA256: 6f691612c2e9e7a7402859e720c44b2ad0d12c06ff0976c7e1d0e568b9736334

Files:
https://uofi.box.com/s/58kv1vg909wvy4ai6a3nhjm99wauh3pz
password: infected

Caution: please do…

This talk will dive into commonly overlooked mobile vulnerability areas that will benefit bug bounty participants. The Android Inter Process Communication (IPC) model will be explained, and how IPC implementation flaws could allow non rooted devices to gain…

Pre-installed apps and firmware pose a risk due to vulnerabilities that can be pre-positioned on a device, rendering the device vulnerable on purchase. This means that the vulnerabilities are present even before the user enables wireless communications and…

Taking r2frida to the next level

Slides https://github.com/radareorg/r2con-2017/tree/master/talks/hidden-gems

This talk will show a bunch of hidden or not much known/used features of radare2 that will make you laugh, think and even help you on solving some of your daily issues while reverse…

While hunting, I recently found interesting malware samples that use Microsoft. NET commands to compile their second stage on-premise. This talk will review some of them and show you how they (ab)use the commands present on almost any modern Windows computer.…

Supporting Data Archives for Ghidra. Contribute to 0x6d696368/ghidra-data development by creating an account on GitHub.

We dynamically unpack a Java malware that jumps on the COVID-19 bandwagon to trick users into running it.

The dumping method is useful for other packed JAR malware as well. It utilizes Java instrumentation, more specifically Java Agent.

My malware analysis…

One aspect of Java development that is considered too low-level or too hard-core for the average developer to know about is Java agents. But nowadays every self-respecting tool or framework imposes one upon you— it has become an integral part of an average…