Code Injection and API Hooking Techniques
Hooking covers a range of techniques used for many purposes, such as debugging, monitoring, intercepting messages and extending functionality. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to [...]

Announcement – SecurityXploded Security Meet and Mentorship Programme
For the past two years we have been working actively on a couple of projects to support the security community. As you all may already know, we have successfully completed our reversing and malware analysis training programme, and we are very glad that it was very helpful for everyone. In my opinion the success of any ...

Advanced Malware Analysis Training Session 11 – (Part 2) Dissecting the HeartBeat RAT Functionalities
Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 2) Dissecting the HeartBeat RAT Functionalities. This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012. In this extended ses [...]

Advanced Malware Analysis Training Session 10 – (Part 1) Reversing & Decrypting Communications of HeartBeat RAT
Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 1) Reversing & Decrypting Communications of HeartBeat RAT. This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012. In this e [...]

Our Local Security Meet [19th October 2013] – Bangalore
Talks: 09:30 - 10:00: WebSockets for Beginners - Prasanna K. WebSockets is definitely one of the brighter features of HTML5. It allows for easy and efficient real-time communication with the server. It's very useful when you're developing an interactive application like a chat, a game, a real-time reporting system etc. From a security standpo [...]

Detailed Overview and Internals of PE File
A Win32 Portable Executable (PE) file consists of: DOS Header, PE Header, Section Table, Sections. Analyzing a PE file gives us a lot of information, such as the address in memory where the file will be loaded (ImageBase), the address of the entry point, imported and exported functions, whether it is packed or unpacked, etc. Thus this static analysis can indicate wh [...]

Using PEB to Get Base Address of Kernelbase.dll
The Process Environment Block (PEB) is a user-mode data structure that applies to a whole process. It is designed to be used by the application-mode code in the operating system libraries, such as NTDLL.dll and Kernel32.dll. Through the PEB one can obtain the list of loaded modules, process startup arguments, ImageBaseAddress, heap addr [...]

SEH Exploitation to Get Shell Access
Structured Exception Handling is a mechanism for handling both hardware and software exceptions in the Windows OS. Structured exception handling gives us complete control over the handling of exceptions, and it also provides support for debuggers. SEH exploitation is based on the stack buffer overflow technique. It become [...]

Our Local Security Meet [14th September 2013] – Bangalore
Talks: 09:30 - 10:15: Webworkers for Beginners - Prasanna K. Web workers are long-running scripts that are not interrupted by user-interface scripts (scripts that respond to clicks or other user interactions). Keeping such workers from being interrupted by user activities should allow Web pages to remain responsive at the same time as th [...]

Bamital Analysis using Malpimp and Pymal
A couple of months ago, I released my two new tools, Malpimp and PyMal, for malware analysis. Malpimp aims at API tracing, and PyMal is a general-purpose malware analysis tool. In this blog I will discuss how to use both of them in malware analysis. As a case study I am using the Bamital botnet ...
