Malware Analysis

very simple modifications to a Meterpreter shellcode dropper can be sufficient to bypass modern EDRs

Introduction When I talk about EDRs in this article, I mean a combination of endpoint protection (EPP) and endpoint detection and response (EDR). I also want to define the term “evasion” in the context of EDRs and malware. When I talk about the fact that it is or has been …

Read More »

Malicious Document Analysis [Episode 1]

Before starting the analysis, I’m going to use the following environment and tools: REMnux: Didier Stevens Suite: Malwoverview: Furthermore, it’s always recommended to install Oletools # python -m pip install -U oletools All three tools above are usually installed on REMnux by default. However, if you are using Ubuntu …

Read More »