The FireEye Labs Obfuscated String Solver (FLOSS) is an open-source tool that automatically detects, extracts, and decodes obfuscated strings in Windows Portable Executable (PE) files. Malware analysts, forensic investigators, and incident responders can use FLOSS to quickly extract sensitive strings to identify indicators of compromise (IOCs). Malware authors encode strings in their programs to hide Read More …
Tag: malware
UPnP :: Its Role in Modern Online Gaming
Universal Plug and Play (UPnP) is a set of networking protocols that simplifies the process of connecting devices on a network. While its primary purpose is to streamline device discovery and communication, UPnP plays a significant role in enhancing the online gaming experience. This article delves into what UPnP is, how it works, and its Read More …
AuKill EDR Post
Summary AuKill is a malicious software, often used by ransomware groups, designed to disable endpoint detection and response (EDR) security solutions on a system, essentially allowing attackers to bypass security measures before deploying ransomware by terminating EDR processes using a vulnerable, outdated driver like the Process Explorer driver from Sysinternals; effectively “killing” the EDR functionality. Key points about Read More …
Hook Chain EDR Kill
Summary Every binary loaded into WIndows, has a list of needed functions and processes in order for it to function properly. THink of a browser, it will use a Windows DLL to resolved the hostname to the IPv4 address and so forth. This Table can be hijacked, so instead of pointing to the appropriate function Read More …
Windows Stuff from GREM Exam
Here are some of the Windows API things that I have on older flashcards that I am adding to this site. Yes. flashcards. I used them to pass my GREM exam from SANS. GetAsychKeyState GetProcAddress Memory Registers EIP