Travis Mathison

Manually Unpacking Malware (part 2)

Intro This is a follow-on to the first post on this topic, Manually Unpacking Malware, where I talked about a way to break on the real entry point of a packed malware sample. This is a second technique ...

Manually Unpacking Malware

Intro This post is intended to show one technique that can be used in an attempt to unpack a sample that is suspected to be packed by either a known packer or something unknown or even custom. The...

Digging into obfuscated Excel formula code

Intro A large amount of the malware that targets businesses arrives through phishing attacks, and that is no different where I work. We have been getting an influx of Excel attachments in phishing document...

Ghidra error: Unable to locate the DIA SDK

Ghidra error on auto-analysis In my FlareVM running Windows 10 I have Visual Studio 2019 Community edition installed for building C/C++ programs as needed. When performing the initial auto-analysis ...

Getting Started with Ghidra and FlareVM

Goal This is a quick guide to get you started on installing FlareVM by FireEye and setting up Ghidra for reverse engineering malware. The FlareVM installation is a script you can run that will turn...

OSCE Review

General thoughts With past experience with Offensive Security, the training format was familiar, which sped up consuming the content a bit. The Offensive Security Certified Expert (OSCE)...

SLAE32: Creating custom crypter shellcode

This blog post has been created to complete the requirements of the SecurityTube Linux Assembly Expert certification: http://securitytube-training.com/online-courses/securitytube-linux-assembly-e...

SLAE32: Creating polymorphic versions of existing shellcode

This blog post has been created to complete the requirements of the SecurityTube Linux Assembly Expert certification: http://securitytube-training.com/online-courses/securitytube-linux-assembly-e...

SLAE32: Analyzing MSF payloads for linux/x86

This blog post has been created to complete the requirements of the SecurityTube Linux Assembly Expert certification: http://securitytube-training.com/online-courses/securitytube-linux-assembly-e...

SLAE32: Creation of custom encoding scheme

This blog post has been created to complete the requirements of the SecurityTube Linux Assembly Expert certification: http://securitytube-training.com/online-courses/securitytube-linux-assembly-e...