obfuscation – Page 13 – WindowsTechs.com

Down the Malware Rabbit Hole: Part II

Posted on November 18, 2019 by Cesar Anjos

In our last post in this series, we took a look at a code snippet that had been encoded in a very specific way — and hidden 91 layers deep.
Today, we’ll reveal how attackers achieve this level of encoding and investigate one of the many po… Continue reading Down the Malware Rabbit Hole: Part II→

Securely unpack malware

Posted on November 14, 2019 by w13rfed

I’m trying to find a way to securely unpack Windows Malware packed with UPX, I need to unpack a lot for analysis so automating the process as much as possible is beneficial.

I’ve found a few methods but I’m not sure on how … Continue reading Securely unpack malware→

Data URLs and HTML Entities in New WordPress Malware

Posted on October 30, 2019 by Denis Sinegubko

Last week, an ongoing WordPress malware campaign started a new wave which included a variety of experimental injection types.
Scripts as Data URLs
The first type looks pretty similar to what we discussed in our recent post.
However, instead of placing… Continue reading Data URLs and HTML Entities in New WordPress Malware→

.WAVs Hide Malware in Their Depths in Innovative Campaign

Posted on October 16, 2019 by Tara Seals

Three different loaders and two payloads are hiding in audio files. Continue reading .WAVs Hide Malware in Their Depths in Innovative Campaign→

.WAVs Hide Malware in Their Depths in Innovative Campaign

Posted on October 16, 2019 by Tara Seals

Three different loaders and two payloads are hiding in audio files. Continue reading .WAVs Hide Malware in Their Depths in Innovative Campaign→

᠎This sentence ‌‌‍᠎isn’t just a sentence

Posted on October 10, 2019 by Sharon Lin

Some sentences have more than meets the eye, and we’re not talking about interpretive nonsense. Rather, some sentences may contain up to four paragraphs’ worth of hidden text, invisible to readers.

Thanks to Zero Width Obfuscation, it is possible to use Zero Width Characters – Unicode characters that are invisible …read more

Continue reading ᠎This sentence ‌‌‍᠎isn’t just a sentence→

How can I obfuscate a 64-bit executable Windows file? [on hold]

Posted on October 9, 2019 by Sopalajo de Arrierez

Hyperion work OK when scrambling/obfuscating win32 files, but I am trying a program that seems to be a Win64 executable, and it fails:

C:\Hyperion>hyperion.exe -v mimikatz.exe output.exe

——————————-
… Continue reading How can I obfuscate a 64-bit executable Windows file? [on hold]→

Does code obfuscation give any measurable security benefit?

Posted on October 9, 2019 by MechMK1

I’ve always firmly held the belief that obfuscation is essentially useless. Obfuscated code is not impossible to read, only harder to read. I had the belief that a sufficiently skilled attacker would be able to bring the obfu… Continue reading Does code obfuscation give any measurable security benefit?→

How can Runtime-Crypters stay FUD

Posted on October 3, 2019 by MenNotAtWork

A Runtime Crypter always works with the same principle: It decrypts its payload, starts up a process in suspended state, inserts the payload and resumes the suspended process under false flag. All this happens with calls to Winapi function… Continue reading How can Runtime-Crypters stay FUD→

Down the Malware Rabbit Hole – Part 1

Posted on October 3, 2019 by Cesar Anjos

It’s common for malware to be encoded to hide itself—or its true intentions—but have you ever given thought to what lengths attackers will go to hide their malicious code?
In our first post in this series, we’ll describe how ba… Continue reading Down the Malware Rabbit Hole – Part 1→