Discover exploitation methods, exploits development and inner workings and learn about the countermeasures that exists to protect your infrastructure.
Adlice PEViewer is a PE parsing tool helping you in your everyday malware analysis and debugging. Learn how it works and how amazing it can be.
Yara has become a pretty popular standard in the Anti-malware industry to write signatures for malware detections. Many Anti-malware vendors, sandboxes vendors, HIPS vendors, CERTs or IT administrators are using rules to either detect malware based on the file, or to analyze network packets and trigger an alert when something malicious occurs.
Yara is a signature syntax and scanning engine, it’s available with a library or a bunch of scripts. We, at Adlice Software, are specialized in making Yara easy and convenient to use. We are offering a desktop application to write, organize and test your rules into a local database, or in text files.Details
Adlice PEViewer is a tool used by many researchers at Antivirus companies or CERT worldwide in order to perform malware static analysis.
Malicious software sometimes try to hide their goals in order to evade detection and static analysis. By doing so, they leave indicators, metadatas and suspicious modifications behind.
Adlice PEViewer searches, finds and lists these artifacts to help researchers making up their mind on a suspicious file. The tool uses robust PE parser as well as analysis engine and heuristics detections to build these indicators. PEViewer also relies on 3rd party scanners like VirusTotal for which it displays the results. All of this together allows the tool to build severity scores.Details
RunPE: How to hide code behind a legit process – RunPE is a trick used by some malware to hide code into a legit process. Learn how to detect.
Writing and Analysis of a portable executable (PE) infector. Educational tutorial on how to write your own PE infector that remains hidden in the system.
Learn how to modify a portable executable (pe) file to strip all the junk code and keep only the strict minimal bytes to keep it perfectly functional.