Summary IDA Pro does not always get the disassembly, and pseudo-C decompilation correct. When it has an issue, it can manifest in several ways but one thing you may see is a red error message in t...

Summary In FlareVM you will likely have many versions of Python installed. Not all of these are going to be compatible with IDA Pro and you may need to switch which version IDA Pro is looking at. ...

Hex-Rays tips and tricks to IDA Pro Igor Skochinsky of Hex-Rays presents a new IDA Pro tip every week. This is more of a pointer toward a “season 1” compilation of these tips and to the Hex-Rays b...

Table of Contents Executive Summary Actions leading to a DanaBot secondary payload Visual path of execution What gets dropped? IOC’s Technical Analysis ...

Table of Contents Executive Summary Initial binary Infected binaries MITRE Attack Matrix Indicators of Compromise Threat intel insights Technical Anal...

Table of Contents Intro The malware sample used in this blog post The KSA and PRGA functions Observing call into function Key-scheduling algorithm (KSA) KSA identity permutatio...

Table of Contents Intro Attribution My IDA Pro 7.6 plugin scripts (rough conversion of theirs) Details Color coding instructions IAT Resolution The IDA Pr...

Table of Contents Intro The malware sample used in this blog post Visual of observed flows Notable Techniques Hiding strings via single byte pushes to stack Getting DllBase...

Table of Contents Intro The malware sample used in this blog post Dealing with decoded bytes into new memory map Memory allocation and passing control Viewing new bytes in ID...

Intro Sometimes you need to dig a little to really find where the start of malicious code is in a binary. Sometimes it is not obvious from static analysis how exactly code flows to the malicious p...