Reverse Engineering and Malware Analysis
New MetaStealer malvertising campaigns
MetaStealer is a popular piece of malware that came out in 2022, leveraging the earlier RedLine code base. Stealers have become a very hot commodit...
In November, the Silver Fox (银狐) cybercrime group delivered .chm decoy files to finance-related personnel
Preface: this type of sample is not being exposed for the first time, but the techniques involved are fairly rich and systematic, covering three kinds of shellcode: "jsp, net, C++". If you have no experience analyzing trojan samples, you can still get a basic understanding...
From Memory Loading to Everything – Part 1
The first two books I read when I got into Windows were 《PE 权威指南》 (The Definitive Guide to PE) and 《Windows 核心编程》 (Windows via C/C++). My purpose in studying these two books was simple: to implement in-memory loading. We know that, to implement in-memory loading, the most important...
Analysis of the Mirai botnet variant "Aquabot"
01 Overview: Recently, Antiy CERT captured a new Mirai botnet variant that targets multiple architectures including MIPS, ARM and x86, infects targets by exploiting weak passwords, and waits for control commands to carry out DD...
C++20 New Features: Interview Key Points
Syntactic sugar. Syntactic sugar refers to syntax added to a programming language that has no effect on the language's functionality but makes it more convenient for programmers to use. C++ also has a lot of syntactic sugar, such as operator overloading, lambda expressions, ...
The Finals SDK and the driver injection of a certain cheat
The recently viral game The Finals (最终决战) is in its third beta test; having just finished a round of grunt work, I couldn't wait to fire up my low-end PC and have a go. The aim-lockers are here, run! As the saying goes, if you can't beat them, join them~ 0x01 At first I planned to use...
Double Extortion Attack Analysis
In early September 2023, ReliaQuest detected suspicious process executions within a customer’s environment, originating from the Windows debug dire...
Ghidra Basics – Identifying, Decoding and Fixing Encrypted Strings
In this post, we will investigate a Vidar Malware sample containing suspicious encrypted strings. We will use Ghidra cross references to analyse th...
Trojan spreading rapidly through internet cafés, extremely stealthy
Recently, the Huorong threat intelligence system detected a trojan spreading rapidly through internet cafés. Once activated, the malware can receive and execute malicious modules pushed down by the attackers, including various kinds of ad promotion, DNS hijacking, URL hijacking, traffic inflation...
Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol
During an incident response performed by Kaspersky’s Global Emergency Response Team (GERT) and GReAT, we uncovered a novel multiplatform threat nam...