Welcome to Official Course Blog
Developed for those looking to further enhance their skills in the Malware Analysis/Reverse Engineering field
Twitter: @VK_Intel, @0verfl0w_, @sysopfb
Interactive Analysis with ANY.RUN
ANY.RUN is undoubtedly one of my favourite tools when I am investigating a sample of malware. Whether it’s for searching for additional samples, trying to get a basic overview of malware functionality, or even gathering IOCs, ANY.RUN is an extremely useful asset to have in your malware analysis arsenal. The aim of this post is…
DBatLoader/ModiLoader Analysis – First Stage
Reversing the First Stage I don’t typically reverse engineer Delphi binaries, as most of the malicious software written in Delphi is actually the wrapper/packer for the main payload written in something like C/C++. However, scrolling through Twitter one day, I noticed @abuse.ch replying to a tweet about a somewhat unknown loader currently spreading…
De-crypting a TrickBot Crypter
Introduction TrickBot has utilized its own crypting service for some time now, and it has been frequently updated over time. The latest version utilizes RC4 with a twist and is also a perfect example for writing a simple unpacker while at the same time being forced to analyze a slightly modified encryption routine. Static Analysis…