There are a lot of Portable Executable (PE) file explorers in the market - both professional and free. Most of them have similar features but only some of them play well on Microsoft Windows as well as *NIX platform. One such tool that is quickly becoming my favourite is PPEE short for Professional PE File Explorer. It is VERY portable and handles well even on Kali! Read more about PPEE: A Professional PE File Explorer!
Malware Analysis Archives:
Malware's are always getting smarter and trying to outsmart our generic detection methodologies. One of the first ways they avoid detection is by checking if the executing environment is a virtual machine (VM). There are multiple ways to do that. Red Pill by Joanna Rutkowska, verifying memory structures such as Store Interrupt Descriptor Table (SIDT), Store Local Descriptor Table (SLDT), Store Global Descriptor Table (SGDT) and Store Task Register (STR) and checking for well known registry Read more about Antivmdetection: Thwart Virtual Machine Detection!
Since Friday this week has been most eventful because of a malware - Wanacrypt, infecting thousands of computer networks in a jiffy. As speculated, it leveraged a very potent exploit that was made public by the Shadow Brokers. The name of the exploit is ETERNALBLUE, which was used by the Equation Group to exploit a large number of systems right untill Windows 10. List of Equation Group Exploits lists the exploits and their targets. Read more about Wanacrypt: What Do We Know About It As Of Now?
Docker containers are the future! It surely seems so from the myriad projects that are being 'dockerized'! One such cool project is Docker IDA, your answer for large scale reverse engineering, which allows you to run IDA Pro disassembler in Docker containers for automating, scaling and distributing the use of IDAPython scripts. Read more about Docker IDA: The Large Scale Reverse Engineering System!
Much has been said about Cuckoo Sandbox over the years - on the older PenTestIT blog and at other places, which means that most of us know what this automated malware analysis system is capable of! The reason behind this post is that a few minutes ago, Cuckoo Sandbox 2.0.0 was released! Read more about Cuckoo Sandbox: An Automated Malware Analysis System!
While there are multiple platform dependent libraries such as pefile, pyelftools, pwntools in Python and objdump and similar tools. Now, there is LIEF, an open source cross platform library to parse, modify and abstract ELF, PE and MachO file formats. Read more about LIEF: Cross-Platform Library to Interact With ELF, PE and Mach-O…