Chasing Necurs: The Beginning

A few months ago I was trying to decide what my next big side project would be, and I decided to set my sights on Necurs. Necurs, for those unfamiliar, is a botnet being used largely as a carrier for...


Generic Unpacking with r2pipe

I’ve been playing around with r2pipe lately and thought I would do a bit of a write-up on how I automated unpacking a Locky sample using r2 over r2pipe. Basically, Locky unpacks itself using VirtualAlloc to allocate...
