GitHub

dmore/InflativeLoading-red-convert-native-exe-to-PIC-shellcode

Only a few bytes in the PE header, such as e_lfanew, RVA of Import Directory, are essential to complete the loading process. Therefore, other bytes can be overwritten with random ones to hide PE ...
GitHub

Exploring Zig for writing shellcode

This project started around Christmas and New Year's Eve to learn a new programming language: Zig. A simple hello world program is usually the first hurdle to familiarize yourself with a new language, ...
Microsoft

Shellcode Analysis via MSEC Debugger Extensions

In a previous post we provided some background on the !exploitable Crash Analyzer which was released earlier this year. One of the things that we didn’t mention is that !exploitable is just one of the ...
Threat Post

Attackers Use Event Logs to Hide Fileless Malware

A sophisticated campaign utilizes a novel anti-detection method. Researchers have discovered a malicious campaign utilizing a never-before-seen technique for quietly planting fileless malware on ...
Threat Post

Inside a Malicious PDF Attack

PDFs are widely used business file format, which makes them a common target for malware attacks. On the surface, PDFs are secure, but because they have so many “features,” hackers have learned how to ...
ZDNet

Security firms dismiss English shellcode threat

IT security experts have dismissed a research paper warning about malware that can be hidden within what appears to be plain English prose, noting that this threat is nothing new. In a recent report ...