Forging malicious DOC, undetected by all VirusTotal static engines
Malware research · 2020-12-24
Walkthrough of a maliciously crafted Office document that evaded every static engine on VirusTotal — and what the engines were missing.
Posts from the previous version of this site. The technical content is intact; the formatting has been lightly cleaned up. Each post links back to its original URL.
Walkthrough and exploit for Level 06 of the Fusion exploitation series. Race conditions, integer overflow, stack overrun.
Solution for Level 05 of the Fusion series. Heap spraying, info leak, and ASLR bypass.
Deep technical dive into the Nymaim banking trojan: anti-analysis tricks, control-flow obfuscation, and the parts that fight back.
Reverse-engineering walkthrough of Ursnif: process injection, sandbox evasion, traffic obfuscation, and a bug in the malware's own DGA.