-
Tale of Code Integrity & Driver Loads
Hello fellow haxers! 🙂 The objective of this post is very simple – understand how the Core Isolation user setting affects the execution flow of driver loading. Enjoy reading. Feel free to ping me if I have made any mistakes in the post! VBS & HVCI. HVCI, Driver Blocklist and Driver Load. When the driver blocklist is enabled, the system prevents…
-
The Lazy Guide To Reverse RPC
This post is not going to cover the in-depth details of RPC implementation; for that, read the resources mentioned in the Further Reading section. RPC programming is also not in the scope of this post. We will only discuss the concepts needed to reverse an RPC client and a server. You might encounter RPC calls in malware code…
-
Analysing a Multi Stager : A case study of QBOT
Motivation. This is not going to be about QBOT analysis, but rather a quick "how-to" for analysing malware that employs multiple stages in the infection chain. Recently, in my work, I got a sample (a malicious PDF) for analysis; at the time I had no prior information, and the task was identification. Interestingly, the initial vector used to…