Cyclic Redundancy Check (CRC) is a widely used error-detecting code that helps ensure the integrity of data during transmission or storage. It is a crucial concept in networking and data communication, making it essential for new IT students to understand how it works and its applications. What is CRC? CRC is a method used to Read More …
Tag: malware
Conference Video – Internet-Scale File Analysis
Malicious file analysis is well beyond the days when the humble PE32 file was all researchers needed to contend with. The use of malicious PDF, Office, and other files present a far more diverse threat than our defensive tools were originally designed to handle. To make matters worse, the sheer volume of files over time Read More …
Conference Video – Automating Malware Analysis for Threat Intelligence
These are the videos from B Sides Augusta 2016:
Malware TV – Reverse Engineering
CTF Field Guide Alex Sotirov, Reverse Engineering 1, Fall 2011
Malware TV – Automatically Extracting Obfuscated Strings from Malware
The FireEye Labs Obfuscated String Solver (FLOSS) is an open-source tool that automatically detects, extracts, and decodes obfuscated strings in Windows Portable Executable (PE) files. Malware analysts, forensic investigators, and incident responders can use FLOSS to quickly extract sensitive strings to identify indicators of compromise (IOCs). Malware authors encode strings in their programs to hide Read More …
UPnP – Its Role in Modern Online Gaming
Universal Plug and Play (UPnP) is a set of networking protocols that simplifies the process of connecting devices on a network. While its primary purpose is to streamline device discovery and communication, UPnP plays a significant role in enhancing the online gaming experience. This article delves into what UPnP is, how it works, and its Read More …
AuKill EDR Post
Summary AuKill is a malicious software, often used by ransomware groups, designed to disable endpoint detection and response (EDR) security solutions on a system, essentially allowing attackers to bypass security measures before deploying ransomware by terminating EDR processes using a vulnerable, outdated driver like the Process Explorer driver from Sysinternals; effectively “killing” the EDR functionality. Key points about Read More …
Hook Chain EDR Kill
Summary Every binary loaded into WIndows, has a list of needed functions and processes in order for it to function properly. THink of a browser, it will use a Windows DLL to resolved the hostname to the IPv4 address and so forth. This Table can be hijacked, so instead of pointing to the appropriate function Read More …
Windows Stuff from GREM Exam
Here are some of the Windows API things that I have on older flashcards that I am adding to this site. Yes. flashcards. I used them to pass my GREM exam from SANS. GetAsychKeyState GetProcAddress Memory Registers EIP