Infected PDF : How to Extract the payload ?
Infected PDF: Extract the payload – Infected PDFs have always been a popular way to infect computers, learn how it malicious PDF files are built.
RunPE: How to hide code behind a legit process
RunPE: How to hide code behind a legit process – RunPE is a trick used by some malware to hide code into a legit process. Learn how to detect.
BreakingNews PUP, Study of an aggressive rootkit
PUPs (for potentially unwanted programs) are harmless by design, most of the time. Here we will study a case where such program behaves like a rootkit.
Internet Explorer BHO: A spy in your browser
Internet Explorer extensions (BHO) are a very stealth way to inject code in a web browser. Learn how it works to better prevent further infections.
Userland Rootkits: Part 1, IAT hooks
Userland Rootkits explained. This is the first part of this rootkit writing tutorial in which we will detail the basics about userland rootkits.
KernelMode Rootkits: Part 3, kernel filters
KernelMode Rootkits explained. This is the third part of this rootkit writing tutorial in which we will detail the basics about kernel rootkits.
KernelMode Rootkits: Part 2, IRP hooks
KernelMode Rootkits explained. This is the second part of this rootkit writing tutorial in which we will detail the basics about kernel rootkits.
KernelMode Rootkits: Part 1, SSDT hooks
KernelMode Rootkits explained. This is the first part of this rootkit writing tutorial in which we will detail the basics about kernel rootkits.
Business frauduleux sur Facebook : Un regard dans les coulisses
Nous avons tous eu des posts Facebook partagés par nos amis avec un titre attractif, incitant au clic. Nous avons cliqué pour vous, vous allez être déçus.
Symmi Ransomware Decryption
Anlysis of Win32.Symmi Ransomware – Learn how this ransomware encrypts your files, and how to defeat it to decrypt your personal data.