This post shows how to analyze a system infected with malware that performs Process Hollowing, in order to identify the hollowed process and extract the malicious image from memory for further analysis. Read more...
This is an in-depth analysis of how Process Hollowing works from the point of view of the malware (and from that of the malware analyst). While reverse-engineering a sample from Lab 12-2 of the book Practical Malware Analysis, I show what Process Hollowing is and how malware can use this technique to hide itself. Read more...
This is a walkthrough of Lab 11-2 from the book Practical Malware Analysis. The sample under analysis, Lab11-02.dll, is a user-mode rootkit that performs inline hooking. The analysis of the hooking mechanism is very interesting. Read more...
This is a walkthrough of Lab 11-1 from the book Practical Malware Analysis. The sample under analysis, Lab11-01.exe, is a credential stealer that performs GINA interception. Read more...
Intercepting malware traffic with Burp Proxy. Read more...
This is a walkthrough on how to create and "harden" a Windows VM on VirtualBox so that it is not easily detected as a VM by malware. Read more...
Analysis of a malicious Word document used to deliver malware via a malspam campaign. Read more...
Setting up an open-source malware analysis lab with Cuckoo. Read more...
This is a walkthrough of Lab 3-3 from the book Practical Malware Analysis. The sample under analysis, Lab03-03.exe, hides itself by masquerading as another process. Read more...
This is a walkthrough of Lab 3-2 from the book Practical Malware Analysis. The sample under analysis, Lab03-02.dll, is malware that must be installed as a service in order to run. Read more...