Writing Sarlacc Plugins
Since releasing Sarlacc it has received a lot more attention than I expected. It is still in its infancy and even though I work on it as much as I can...
Security analyst and incident responder with no time to blog
A few months ago I published a blog post on my Necurs tracker and in it I described my spam collection setup in my lab. My setup is still very much the...
A few months ago I was trying to decide what my next big side project would be and I decided to set my sights on Necurs. Necurs, for those unfamiliar, is a botnet being used largely as a carrier for...
A lot of people have been talking about how it is suspicious that MalwareTech was the first person to find the WannaCry killswitch. I thought that the only people thinking this would be those without experience in reverse engineering or...
I’ve been playing around with r2pipe lately and thought I would do a bit of a write up on how I automated unpacking a Locky sample using r2 over r2pipe. Basically Locky unpacks itself using VirtualAlloc to allocate...