Stack Manipulation via Hardware breakpoint & Direct Syscall Execution
x86 Stack Primer. In this section we will quickly go over how the x86 stack works. The scenario is that main() calls function A(), then A() calls B(). Let's see how this affects the stack. The diagram above is very generic in nature; the calling convention is not taken into consideration. Process Overview. Spoofing the return address. The image below…
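The main() -> A() -> B() chain from the primer, as an added example that is not part of the original post: each function records the address of its own frame, so you can watch the frames pile up toward lower addresses, and B() also reads the saved return address slot that sits just above its frame pointer. The slot offset (fp + 8) assumes x86-64 with a frame pointer, which `__builtin_frame_address(0)` forces the compiler to keep; the `NOINLINE` attribute is there so the three frames really exist at any optimisation level.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Added illustration of the call chain main() -> A() -> B().
 * Assumes GCC/Clang on x86-64 (frame pointer = rbp, return address at [rbp+8]). */

#define NOINLINE __attribute__((noinline))

struct frame_info {
    uintptr_t frame_main;       /* rbp inside main() / collect_frames() */
    uintptr_t frame_a;          /* rbp inside A() */
    uintptr_t frame_b;          /* rbp inside B() */
    uintptr_t ret_from_b;       /* where B() will return to (inside A()) */
    uintptr_t saved_ret_slot_b; /* value read from B()'s frame at [fp+8] */
};

static NOINLINE void B(struct frame_info *fi)
{
    void *fp = __builtin_frame_address(0);
    fi->frame_b = (uintptr_t)fp;
    fi->ret_from_b = (uintptr_t)__builtin_return_address(0);
    /* On x86-64 the CALL in A() pushed the return address, then B()'s
     * prologue pushed rbp, so the return address lives directly above the
     * saved frame pointer. This is the slot a return-address spoofer
     * overwrites: whatever is written here is where RET will jump. */
    fi->saved_ret_slot_b = *(uintptr_t *)((char *)fp + sizeof(void *));
}

static NOINLINE int A(struct frame_info *fi)
{
    fi->frame_a = (uintptr_t)__builtin_frame_address(0);
    B(fi);
    /* Work after the call prevents the compiler turning B(fi) into a tail
     * jump, which would collapse A()'s frame into B()'s. */
    return fi->frame_b != 0;
}

/* 1 if the frames are laid out as the primer describes: each callee's
 * frame sits below its caller's (the stack grows toward lower addresses). */
int frames_grow_downward(const struct frame_info *fi)
{
    return fi->frame_b < fi->frame_a && fi->frame_a < fi->frame_main;
}

/* 1 if the slot at [fp+8] in B() really held B()'s return address. */
int saved_slot_is_return_address(const struct frame_info *fi)
{
    return fi->saved_ret_slot_b == fi->ret_from_b;
}

int collect_frames(struct frame_info *fi)
{
    fi->frame_main = (uintptr_t)__builtin_frame_address(0);
    A(fi);
    return frames_grow_downward(fi);
}

int main(void)
{
    struct frame_info fi = {0};
    collect_frames(&fi);
    printf("main frame : 0x%lx\n", (unsigned long)fi.frame_main);
    printf("A    frame : 0x%lx\n", (unsigned long)fi.frame_a);
    printf("B    frame : 0x%lx\n", (unsigned long)fi.frame_b);
    printf("B returns to 0x%lx, [fp+8] holds 0x%lx (%s)\n",
           (unsigned long)fi.ret_from_b, (unsigned long)fi.saved_ret_slot_b,
           saved_slot_is_return_address(&fi) ? "match" : "mismatch");
    return 0;
}
```

The gap between the frame addresses is the size of each function's local area plus the saved rbp and return address; the point of the primer is that B()'s return address is just data on the stack, and overwriting that slot redirects execution at RET.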
Analysing a Multi Stager : A case study of QBOT
Motivation. This is not going to be about QBOT analysis, rather a quick "how-to" for analysing malware that employs multiple stages in the infection chain. Recently, in my work, I got a sample (a malicious PDF) for analysis; at the time I had no prior information and the task was identification. Interestingly, the initial vector used to…