Tutorials and notes with Markdown, syntax-highlighted code blocks, and LaTeX math when we need it.
Initial Static Analysis of a Suspicious svchost.exe Using Ghidra
When dealing with suspicious executables masquerading as system files, a careful static analysis phase is essential before jumping into behavioral tests. We recently looked at a rogue svchost.exe sample to demonstrate how to safely extract, import, and configure it for initial triage in Ghidra. Here’s a breakdown of the import process and the key analyzer options you need to set up for a smoother reverse engineering workflow.
Intercepting Malware Network Traffic: A Lab Walkthrough using Fiddler, iptables, and REMnux
Setting up a secure environment to observe malware network behavior is a critical skill for any reverse engineer. In this walkthrough, we examine a sample known as "GetDown," demonstrating how to use Fiddler alongside a REMnux VM to intercept, redirect, and analyze malicious HTTP requests. This hands-on approach reveals exactly what the malware is trying to download and communicate with, without exposing your host network.
Intercepting Encrypted C2 Traffic with INetSim and REMnux
Ever wonder what malware does behind the scenes when it thinks no one is watching? In this hands-on lab teardown, we analyze a self-deleting malicious payload, bypass its encrypted network traffic hurdles, and trick it into revealing its secondary download stages using REMnux and INetSim.
Reverse Engineering Malware: Catching 'brbbot' in the Act with x64dbg & CyberChef
Watch over a researcher's shoulder as we dissect the brbbot malware. Learn how to use x64dbg, Process Hacker, and CyberChef to intercept file reads, track API handles, and decode XOR-obfuscated payloads to reveal the malware's evasion tactics.
Deconstructing the Blueprint: A Step-by-Step Guide to Dynamic Malware Analysis
Step inside the isolated sandbox. Learn how to securely configure host-only virtual environments, trick malicious code using FakeDNS, and capture runtime footprints with Process Monitor and Wireshark.
Unmasking the Malware: A Step-by-Step Guide to Reverse Engineering Malicious
Malicious Windows shortcuts are a favorite tool for attackers looking to sneak onto your system undetected. Dive deep as we dissect a live sample using Wireshark, Process Hacker, and PE Studio to reveal exactly what's hidden inside.
Building an Isolated Malware Analysis Lab: Step-by-Step Network Configuration in VMware
Want to dive into malware analysis without risking your primary machine? Discover how to properly configure an isolated, host-only network between Windows and Linux VMs to securely analyze threats and capture live traffic using Wireshark.
The Ultimate Reverse Engineering & Malware Analysis Resource Stack
A curated guide to the best reverse engineering and malware analysis resources, including learning paths, tools, malware sample repositories, sandboxes, threat intelligence platforms, and hands-on practice labs for beginners and advanced analysts.