King Ouroboros is a family of ransomware that encrypts files, appends the .[id=XXXXXXXXXX][[email protected]].limbo extension to them, and drops a ransom note file named Read-Me-Now.txt.
This is a quick walk-through for the Saycure Beginner CTF challenge (a.exe). Two samples were provided: one was a Windows binary and the other a UNIX binary.
Jacksbot is a multi-platform backdoor that can run on multiple operating systems because it is a Java application. Jacksbot can also be classified as a RAT (Remote Access Tool), as it is able to connect to a command and control server. It has a limited set of commands, but they are enough to make a […]
NetWiredRC is a trojan used by the APT33 group that allows unauthorized remote access to, and control of, an affected computer. An attacker can perform more than 100 different actions on an infected computer using this remote access tool. This article includes an analysis of the entire command and control structure of the malware. In this specific version of […]
Here is a video showing how to solve SayCure’s CTF challenge Capture Madagascar.
This is a quick walkthrough for MalwareTech’s Beginner Malware Reversing CTF challenge Virtual Machine 1 (vm 1).
This is a quick walkthrough for MalwareTech’s challenge Shellcode 2. It is quite similar to Shellcode 1 but goes a little deeper.
This is a quick walkthrough for Shellcode 1, one of the static analysis challenges by MalwareTech.
This is a walkthrough for MalwareTech’s Static Analysis Challenge for beginners. The first two challenges, Strings 1 and Strings 2, are pretty simple and don’t require a walkthrough. Strings 3 is also quite easy, but it is not so easy for complete beginners without the proper tools and understanding.
In this blog post I am going to show you how to manually unpack any packed executable. Malware authors and other commercial software authors pack their executables to make them unreadable and to make it difficult for analysts and reverse engineers to analyse and reverse the application. But in any case the application will have to unpack itself in […]
There is always something that might go wrong because of a simple mistake while analysing a malicious sample. You should always be careful, as it might get you into serious trouble. In this blog post, I will try to mention all the precautions you should take to remain on the safe side and some […]
In this blog, we will be looking at how loops are represented in low-level assembly language. Here we will take some simple to complex programs in a higher-level language like C/C++ and compile them to create an executable. We will then disassemble the executable to analyse how different loops are represented or optimized by […]