RunPE: How to hide code behind a legit process
RunPE: How to hide code behind a legit process – RunPE is a trick used by some malware to hide code into a legit process. Learn how to detect.
BreakingNews PUP, Study of an aggressive rootkit
PUPs (for potentially unwanted programs) are harmless by design, most of the time. Here we will study a case where such program behaves like a rootkit.
Internet Explorer BHO: A spy in your browser
Internet Explorer extensions (BHO) are a very stealth way to inject code in a web browser. Learn how it works to better prevent further infections.
Userland Rootkits: Part 1, IAT hooks
Userland Rootkits explained. This is the first part of this rootkit writing tutorial in which we will detail the basics about userland rootkits.
KernelMode Rootkits: Part 3, kernel filters
KernelMode Rootkits explained. This is the third part of this rootkit writing tutorial in which we will detail the basics about kernel rootkits.
KernelMode Rootkits: Part 2, IRP hooks
KernelMode Rootkits explained. This is the second part of this rootkit writing tutorial in which we will detail the basics about kernel rootkits.
KernelMode Rootkits: Part 1, SSDT hooks
KernelMode Rootkits explained. This is the first part of this rootkit writing tutorial in which we will detail the basics about kernel rootkits.
Facebook Scams: A look behind the scene
You’ve all seen Facebook posts shared by your friends with attractive titles, waiting for you to click. We’ve clicked for you, and you will be deceived.
Symmi Ransomware Decryption
Anlysis of Win32.Symmi Ransomware – Learn how this ransomware encrypts your files, and how to defeat it to decrypt your personal data.
Remove Zekos (Guide)
Got infected with Zekos malware? Follow this step by step guide to get rid of it. Our guide also includes a short analysis of the malware.