PE-sieve is a light-weight tool that helps to detect malware running on the system

PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. It recognizes and dumps a variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches. It detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc. It uses […]
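The core of the "in-memory patches" and "inline hooks" part of that description is a comparison of a module's code as it sits in memory against the same code read from the file on disk. The block below is an added example written for this page, not pe-sieve's own code: it diffs two byte buffers standing in for a 32-byte code section, reports every run of modified bytes, and classifies a run that opens with E9 rel32 (a 5-byte near JMP) as an inline hook, decoding where the JMP lands. Both buffers are constructed sample data; the trampoline is placed inside the same section only to keep the sample self-contained, where a real hook normally jumps to a separate allocation.

```cpp
// Added example (not pe-sieve's code): diff in-memory code against the
// on-disk copy and classify E9 rel32 patches as inline hooks.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct Patch {
    size_t offset;      // first modified byte, relative to section start
    size_t length;      // number of modified bytes in this run
    bool is_jmp_hook;   // run begins with E9 rel32
    int64_t jmp_target; // JMP destination as a section offset (valid if is_jmp_hook)
};

// Constructed on-disk copy of the section: push ebp; mov ebp,esp; sub esp,0x10;
// jz +5; xor eax,eax; pop ebp; ret; nops; then int3 padding.
std::vector<uint8_t> sample_disk() {
    return {0x55,0x8B,0xEC,0x83,0xEC,0x10,0x74,0x05,0x33,0xC0,0x5D,0xC3,0x90,0x90,0x90,0x90,
            0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC};
}

// Constructed in-memory copy: the prologue is overwritten with JMP +0x0B (lands at
// offset 16), the jz at offset 6 is NOP'ed out, and a trampoline holding the stolen
// prologue bytes plus a JMP back to offset 6 has been written into the padding.
std::vector<uint8_t> sample_mem() {
    return {0xE9,0x0B,0x00,0x00,0x00,0x10,0x90,0x90,0x33,0xC0,0x5D,0xC3,0x90,0x90,0x90,0x90,
            0x55,0x8B,0xEC,0x83,0xEC,0x10,0xE9,0xEB,0xFF,0xFF,0xFF,0xCC,0xCC,0xCC,0xCC,0xCC};
}

// Little-endian signed 32-bit displacement at b[at..at+3].
static int32_t read_rel32(const std::vector<uint8_t>& b, size_t at) {
    uint32_t raw = (uint32_t)b[at] | ((uint32_t)b[at + 1] << 8) |
                   ((uint32_t)b[at + 2] << 16) | ((uint32_t)b[at + 3] << 24);
    return (int32_t)raw;
}

// Walk both copies and collect every run of differing bytes.
std::vector<Patch> find_patches(const std::vector<uint8_t>& disk,
                                const std::vector<uint8_t>& mem) {
    std::vector<Patch> out;
    const size_t n = std::min(disk.size(), mem.size());
    size_t i = 0;
    while (i < n) {
        if (disk[i] == mem[i]) { ++i; continue; }
        Patch p{i, 0, false, 0};
        // A hook's rel32 bytes can coincidentally equal the original bytes, so when
        // the run opens with E9 treat the whole 5-byte JMP as patched.
        if (mem[i] == 0xE9 && i + 5 <= n) {
            p.is_jmp_hook = true;
            p.jmp_target = (int64_t)(i + 5) + read_rel32(mem, i + 1);
            i += 5;
        }
        while (i < n && disk[i] != mem[i]) ++i;
        p.length = i - p.offset;
        out.push_back(p);
    }
    return out;
}

size_t count_hooks(const std::vector<Patch>& patches) {
    size_t hooks = 0;
    for (const Patch& p : patches) if (p.is_jmp_hook) ++hooks;
    return hooks;
}

int main() {
    for (const Patch& p : find_patches(sample_disk(), sample_mem())) {
        if (p.is_jmp_hook)
            std::printf("inline hook at +0x%zx (%zu bytes) -> +0x%lld\n",
                        p.offset, p.length, (long long)p.jmp_target);
        else
            std::printf("patch at +0x%zx (%zu bytes)\n", p.offset, p.length);
    }
    return 0;
}
```

On the sample data this reports three patched runs: the 5-byte hook at offset 0 jumping to offset 16, the 2-byte NOP patch at offset 6, and the 11-byte trampoline at offset 16 (not classified as a hook, since the run starts with the stolen `push ebp` rather than a JMP). The same comparison is what lets a dumper restore the original bytes before writing the module out for analysis.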


Project: x86-devirt

Unpackme — x86 Virtualizer

Today, I am going to go through how x86devirt works to disassemble and devirtualize the behaviour of code obfuscated using the x86virt virtual machine. I needed several tools to complete this task, the development of which will be covered in this article. A code virtualizer protects code behaviour by retargeting […]
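To make the devirtualization task concrete, here is an added example written for this page; it is not x86virt's design nor x86devirt's code, and the VM, its handlers, its opcode numbering and the sample bytecode are all invented here. It assumes a toy stack machine whose opcode numbers are randomised per protected binary, and a devirtualizer that already has the opcode-to-handler table (as it would be recovered from the binary) but does not know what each handler does. It recovers each handler's semantics by executing it on a known probe state, then lifts the bytecode back to x86 mnemonics.

```cpp
// Added example (not x86virt/x86devirt code): toy VM, handler fingerprinting
// by probe execution, and lifting of the bytecode back to x86 mnemonics.
#include <cstdint>
#include <cstdio>
#include <map>
#include <stdexcept>
#include <string>
#include <vector>

enum class Op { Push, Add, Sub, Mul, Xor, Ret, Unknown };

struct VmState {
    std::vector<int32_t> stack;
    size_t ip = 0;       // index of the next byte to consume from the bytecode
    bool halted = false;
};
using Handler = void (*)(VmState&, const std::vector<uint8_t>&);

static uint32_t read_u32(const std::vector<uint8_t>& c, size_t at) {
    if (at + 4 > c.size()) throw std::runtime_error("truncated immediate");
    return (uint32_t)c[at] | ((uint32_t)c[at + 1] << 8) |
           ((uint32_t)c[at + 2] << 16) | ((uint32_t)c[at + 3] << 24);
}
static int32_t vm_pop(VmState& s) {
    if (s.stack.empty()) throw std::runtime_error("VM stack underflow");
    int32_t v = s.stack.back(); s.stack.pop_back(); return v;
}
// Handlers: the virtualizer's per-opcode routines. Arithmetic takes the two
// topmost stack values (a below b) and pushes the result.
static void h_push(VmState& s, const std::vector<uint8_t>& c) { s.stack.push_back((int32_t)read_u32(c, s.ip)); s.ip += 4; }
static void h_add(VmState& s, const std::vector<uint8_t>&) { int32_t b = vm_pop(s), a = vm_pop(s); s.stack.push_back(a + b); }
static void h_sub(VmState& s, const std::vector<uint8_t>&) { int32_t b = vm_pop(s), a = vm_pop(s); s.stack.push_back(a - b); }
static void h_mul(VmState& s, const std::vector<uint8_t>&) { int32_t b = vm_pop(s), a = vm_pop(s); s.stack.push_back(a * b); }
static void h_xor(VmState& s, const std::vector<uint8_t>&) { int32_t b = vm_pop(s), a = vm_pop(s); s.stack.push_back(a ^ b); }
static void h_ret(VmState& s, const std::vector<uint8_t>&) { s.halted = true; }

// Assumed randomised opcode numbering for this "binary" (constructed sample).
std::map<uint8_t, Handler> sample_handler_table() {
    return {{0x3A, h_push}, {0x91, h_add}, {0x07, h_sub}, {0xC2, h_mul}, {0x55, h_xor}, {0xE0, h_ret}};
}
// Constructed bytecode: push 6; push 7; mul; push 1; xor; ret  => (6*7)^1 = 43
std::vector<uint8_t> sample_bytecode() {
    return {0x3A,0x06,0,0,0, 0x3A,0x07,0,0,0, 0xC2, 0x3A,0x01,0,0,0, 0x55, 0xE0};
}

// The VM's dispatch loop: fetch opcode, look up handler, run it.
int32_t run_vm(const std::vector<uint8_t>& code, const std::map<uint8_t, Handler>& table) {
    VmState s;
    while (!s.halted) {
        if (s.ip >= code.size()) throw std::runtime_error("ran off end of bytecode");
        auto it = table.find(code[s.ip++]);
        if (it == table.end()) throw std::runtime_error("unknown opcode");
        it->second(s, code);
    }
    return vm_pop(s);
}

// Fingerprint a handler by running it on a known state: stack {9,3} and a
// scratch immediate of 5. Every supported operation leaves a distinct result.
Op fingerprint(Handler h) {
    VmState s; s.stack = {9, 3};
    const std::vector<uint8_t> scratch = {5, 0, 0, 0};
    h(s, scratch);
    if (s.halted) return Op::Ret;
    if (s.stack.size() == 3 && s.stack.back() == 5 && s.ip == 4) return Op::Push;
    if (s.stack.size() == 1) {
        switch (s.stack[0]) { case 12: return Op::Add; case 6: return Op::Sub;
                              case 27: return Op::Mul; case 10: return Op::Xor; }
    }
    return Op::Unknown;
}

// Lift the bytecode to x86 using the recovered semantics of each opcode.
std::vector<std::string> devirtualize(const std::vector<uint8_t>& code, const std::map<uint8_t, Handler>& table) {
    std::map<uint8_t, Op> ops;
    for (const auto& kv : table) ops[kv.first] = fingerprint(kv.second);
    std::vector<std::string> out;
    size_t ip = 0;
    while (ip < code.size()) {
        auto it = ops.find(code[ip++]);
        Op op = (it == ops.end()) ? Op::Unknown : it->second;
        const char* alu = nullptr;
        switch (op) {
        case Op::Push: { char buf[32]; std::snprintf(buf, sizeof buf, "push 0x%x", read_u32(code, ip));
                         ip += 4; out.push_back(buf); break; }
        case Op::Add: alu = "add"; break;
        case Op::Sub: alu = "sub"; break;
        case Op::Mul: alu = "imul"; break;
        case Op::Xor: alu = "xor"; break;
        case Op::Ret: out.push_back("pop eax"); out.push_back("ret"); ip = code.size(); break;
        default: throw std::runtime_error("handler with unrecognised semantics");
        }
        if (alu) { out.push_back("pop ecx"); out.push_back("pop eax");
                   out.push_back(std::string(alu) + " eax, ecx"); out.push_back("push eax"); }
    }
    return out;
}

int main() {
    std::printf("vm result: %d\n", run_vm(sample_bytecode(), sample_handler_table()));
    for (const std::string& line : devirtualize(sample_bytecode(), sample_handler_table()))
        std::printf("  %s\n", line.c_str());
    return 0;
}
```

The lifted listing keeps the VM's stack discipline (pop operands, operate in eax, push the result), which is correct but verbose; a real devirtualizer follows this with register allocation and peephole cleanup. The probe-based fingerprinting works here because every handler is a pure function of the state it is handed; handlers that decrypt their own operands or depend on hidden VM context need the probe state extended accordingly.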


Reverse Engineering Advanced Programming Concepts

BOLO: Reverse Engineering — Part 2 (Advanced Programming Concepts)

Preface

Throughout this article we will be breaking down the following programming concepts and analyzing the decompiled assembly versions of each instruction:

- Arrays
- Pointers
- Dynamic Memory Allocation
- Socket Programming (Network Programming)
- Threading

For Part 1 of the BOLO: Reverse Engineering series, see the earlier post. Please note: While this […]
