Discover exploitation methods, exploits development and inner workings and learn about the countermeasures that exists to protect your infrastructure.
Adlice PEViewer is a PE parsing tool helping you in your everyday malware analysis and debugging. Learn how it works and how amazing it can be.
Yara has become a pretty popular standard in the Anti-malware industry to write signatures for malware detections. Many Anti-malware vendors, sandboxes vendors, HIPS vendors, CERTs or IT administrators are using rules to either detect malware based on the file, or to analyze network packets and trigger an alert when something malicious occurs. Yara is a…
Adlice PEViewer is a software used by many researchers at Antivirus companies or CERT worldwide in order to perform malware static analysis. Malicious software sometimes try to hide their goals to evade detection and static analysis. By doing so, they leave indicators, metadatas and suspicious modifications behind. Adlice PEViewer searches and lists these artifacts to…
RunPE: How to hide code behind a legit process – RunPE is a trick used by some malware to hide code into a legit process. Learn how to detect.
Writing and Analysis of a portable executable (PE) infector. Educational tutorial on how to write your own PE infector that remains hidden in the system.
Learn how to modify a portable executable (pe) file to strip all the junk code and keep only the strict minimal bytes to keep it perfectly functional.