9686
Group for Malware Analysts. Pinned message with resources and rules: https://t.me/MalwareResearch/38033
This is what I was looking for:
https://github.com/Malandrone/PowerDecode/
Oh... interesting internals, will have a look. thanks
Читать полностью…
I know and honestly it's unusable. It would be a perfect substitute, but really... we tired many times with different hw setups and it's too buggy to be used in practice.
Moreover, it is shipped with few evasive mitigations... so... long live cape :)
Hi folks, I have an infrastructure running CAPEv2 that "works". It's for research so, we're satisfied :)
Now I need to keep track of the values of the instruction pointer (to measure coverage).
Could you suggest what to use?
I tried the built-in debugger but it's really too slow.
Otherwise, do you know any of the main developers and could you put me in touch?
There is Yara matching in case you aren't aware...
Читать полностью…
Hey guys do you know where can I learn more about values returned in the stack after an exception occurred? I’m working with a sample with custom sehandler which access to structure using the esp so I want lo learn more about it
Читать полностью…
it lookjs like the file inside has password, and i don't know it :(
Читать полностью…
For those who reverse engineer, please take 3 minutes of your time to fill in a survey I'm conducting: https://forms.gle/3h2CsFhpMdKPssve9
More context:
My name is Max 'Libra' Kersten and I'm a malware analyst. This survey will collect the answers you provide without the need for any personal information. The goal of this survey is to get a better understanding of the workflow of other reverse engineers. The results will be shared back with the community in the future, allowing us all to benefit.Читать полностью…
If you have any questions, please do reach out to me on Twitter or LinkedIn.
The survey itself shouldn't take you more than a couple of minutes. Thank you for your time!
Hello ky_giorgos, welcome to the Malware Research group! Please read the pinned message before you post!
Читать полностью…
Its a message to get people to look at the profile, which is a crypto scam
Читать полностью…
The source code of the driver is not available :(
https://github.com/cert-ee/cuckoo3/issues/6
Hahaha ok. I am sorry, I don't know what you are doing. I have some interesting ideas and I am looking forward to seeing your work and results. Are you going to share?
Cuckoo3 is picking up speed recently also. They moved away from agent.py to kernel driver, maybe you can use and contribute there
Do you know drakvuf? Have a quick look and see if it could better fit your needs
Читать полностью…
Anyone could suggest some dorks for VT, so as to find malware for RE from newly submitted samples.
Читать полностью…
hi guys, does someone can please share with me this sample?
3e410397955d5a127182d69e019dbc8bbffeee864cd9c96e577c9c13f05a232f
https://www.virustotal.com/gui/file/3e410397955d5a127182d69e019dbc8bbffeee864cd9c96e577c9c13f05a232f/summary
Hi I'm new to malware research. What's best software to reverse malware
Читать полностью…
Hello Coliday, welcome to the Malware Research group! Please read the pinned message before you post!
Читать полностью…
Hello! Can someone share with me this sample?
d7ba57d09945192105625366fdd211600f2b955d529e75cf099ea322f497689f
https://www.virustotal.com/gui/file/d7ba57d09945192105625366fdd211600f2b955d529e75cf099ea322f497689f/relations