In a previous post we provided some background on the !exploitable Crash Analyzer which was released earlier this year. One of the things that we didn’t mention is that !exploitable is just one of the ...
SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler, with many innovative features, ...
Initial analysis of payload with libemu: Using libemu to discover what the task of the shellcode is. The following command will provide a very verbose trace of execution, the output from which will be ...
In my previous post on detecting and investigating Meterpreter’s Migrate functionality, I went down a rabbit hole on the initial PowerShell attack spawned by an Excel macro. In that payload was a bit ...
Although the design and implementation of polymorphic shellcode has been covered extensively in the literature [8, 18, 7, 16, 6, 13, 14], and several research works have focused on the detection of ...
Abstract: Shellcodes are malicious code fragments which are usually executed after exploitation of a particular vulnerability. Such shellcodes can be packed within a binary in the form of a payload and ...
Remote code injection attacks against network services remain one of the most effective and widely used exploitation methods for malware propagation. In this paper, we present a study of more than 1.2 ...