Malware's are always getting smarter and trying to outsmart our generic detection methodologies. One of the first ways they avoid detection is by checking if the executing environment is a virtual machine (VM). There are multiple ways to do that. Red Pill by Joanna Rutkowska, verifying memory structures such as Store Interrupt Descriptor Table (SIDT), Store Local Descriptor Table (SLDT), Store Global Descriptor Table (SGDT) and Store Task Register (STR) and checking for well known registry Read more about Antivmdetection: Thwart Virtual Machine Detection!
Since Friday this week has been most eventful because of a malware - Wanacrypt, infecting thousands of computer networks in a jiffy. As speculated, it leveraged a very potent exploit that was made public by the Shadow Brokers. The name of the exploit is ETERNALBLUE, which was used by the Equation Group to exploit a large number of systems right untill Windows 10. List of Equation Group Exploits lists the exploits and their targets. Read more about Wanacrypt: What Do We Know About It As Of Now?
Much has been said about Cuckoo Sandbox over the years - on the older PenTestIT blog and at other places, which means that most of us know what this automated malware analysis system is capable of! The reason behind this post is that a few minutes ago, Cuckoo Sandbox 2.0.0 was released! Read more about Cuckoo Sandbox: An Automated Malware Analysis System!
While there are multiple platform dependent libraries such as pefile, pyelftools, pwntools in Python and objdump and similar tools. Now, there is LIEF, an open source cross platform library to parse, modify and abstract ELF, PE and MachO file formats. Read more about LIEF: Cross-Platform Library to Interact With ELF, PE and Mach-O…