Author: Nik Zerof

Ghidra vs IDA Pro: What the NSA’s Free Reverse Engineering Toolkit Can Do
Security

2 days ago | 23/08/2025 | Nik Zerof | 530
In March 2019, the U.S. National Security Agency (NSA) released a reverse‑engineering toolkit called Ghidra. I’d first come across the name a couple of years earlier in WikiLeaks leaks and was very curious about what the NSA…
Building a Password Stealer: How to Extract Chrome and Firefox Passwords
Stuff

3 weeks ago | 23/08/2025 | Nik Zerof | 70
You’ve probably heard of a class of malware known as infostealers. Their goal is to exfiltrate valuable data from a victim’s system—most notably passwords. In this article, I’ll explain how they do that using Chrome and Firefox…
Defending Windows: DIY Security Without Antivirus Software
Malware

2 months ago | 12/07/2025 | Nik Zerof | 80
If you want to protect yourself from viruses, you need an antivirus, right? Not necessarily. Antivirus programs have many shortcomings, so if you use your head and are willing to rely on your own judgment, you can…
Essential Tools for Software Reverse Engineering and Cracking
Security

2 months ago | 09/07/2025 | Nik Zerof | 270
Every reverse engineer, malware analyst, and researcher eventually develops a personal toolkit of utilities they regularly use for analysis, unpacking, or cracking. In this review, I will share my own version. This will be useful for anyone who hasn’t yet compiled their own…
Partying by the pool. Mastering PoolParty process injection techniques
Security

3 months ago | Nik Zerof | 90
PoolParty is a new type of injection into legitimate processes that abuses Windows Thread Pools, a sophisticated thread management mechanism. Let’s dissect Windows Thread Pools to find out how they can be used for pentesting purposes.
Bring Your Own Vulnerable Driver! Meet BYOVD – one of the most dangerous attacks targeting Windows systems
Security

27.05.2025 | Nik Zerof | 100
Many notorious hacker groups (e.g. North Korea’s Lazarus) use the BYOVD attack to gain access to kernel space and implement complex advanced persistent threats (APTs). The same technique is employed by the creators of the Terminator tool and various encryptor operators. This paper discusses BYOVD operating…
Agent Tesla: Reversing combat malware in Ghidra
Malware

15.05.2025 | 16/05/2025 | Nik Zerof | 60
Recently I encountered an interesting piece of malware called Agent Tesla. It’s still widespread and actively used by cybercriminals (the analyzed sample was dated 2023). Let’s dissect this remote access trojan and find out what’s hidden inside it.
Threadless Injection. Injecting shellcode into third-party processes to circumvent EDR
Security

07.05.2025 | Nik Zerof | 80
This article discusses Threadless Injection: a technique that allows injection into third-party processes. At the time of writing, it worked effectively on Windows 11 23H2 x64 running on a virtual machine isolated from the network with OS security features enabled.
Process Ghosting. Circumvent antiviruses in the most dangerous way
Security

28.04.2025 | Nik Zerof | 70
One of the main priorities for hackers is to hide the execution of their malicious code. This article explains how to start processes using the Process Ghosting technique and discusses the operating principles of malware detection systems.
Disassembling REvil. The notorious ransomware hides WinAPI calls
Malware

04.08.2020 | 08/04/2025 | Nik Zerof | 50
Some unknown hackers have recently attacked the Travelex foreign exchange company using REvil ransomware. This trojan employs simple but efficient obfuscation techniques that conceal its WinAPI calls from the victim. Let's see how the encoder works.
“Luke, I am your fuzzer”. Automating vulnerability management
Security

04.02.2020 | 07/03/2020 | Nik Zerof | 110
Fuzzing is all the rage. It is broadly used today by programmers testing their products, cybersecurity researchers, and, of course, hackers. The use of fuzzers requires a good understanding of their work principles. These top-notch tools make…
Ghidra vs. IDA Pro. Strengths and weaknesses of NSA’s free reverse engineering toolkit
Security

28.12.2019 | 07/03/2020 | Nik Zerof | 100
In March 2019, the National Security Agency of the US Department of Defense (NSA) published Ghidra, a free reverse engineering toolkit. A couple of years ago, I had read about it on WikiLeaks and was eager…
Software for cracking software. Selecting tools for reverse engineering
Security

26.02.2019 | 07/03/2020 | Nik Zerof | 40
Every reverse engineer, malware analyst, and ordinary researcher eventually assembles a proven set of utility tools that they use daily for analyzing, unpacking, and cracking other software. In this article we discuss mine. They will…
Software for cracking software. Selecting tools for reverse engineering
Security

20.02.2019 | 07/03/2020 | Nik Zerof | 7114
Every reverse engineer, malware analyst or simply a researcher eventually collects a set of utility software that they use on a daily basis to analyze, unpack, and crack other software. This article will cover mine. It will…
HackMag — Top-notch cybersecurity magazine © 2025
Support: support@hackmag.com