Welcome to Official Course Blog

Developed for those looking to further enhance their skills in the Malware Analysis/Reverse Engineering field

Twitter: @VK_Intel, @0verfl0w_, @sysopfb

Interactive Analysis with ANY.RUN

ANY.RUN is undoubtedly one of my favourite tools when I am investigating a sample of malware. Whether it’s for searching for additional samples, trying to get a basic overview of malware functionality, or even gathering IOCs, ANY.RUN is an extremely useful asset to have in your malware analysis arsenal. The aim of this post is…

DBatLoader/ModiLoader Analysis – First Stage

Reversing the First Stage

I don’t typically tend to reverse engineer Delphi binaries, as most of the malicious software written in Delphi is actually the wrapper/packer for the main payload written in something like C/C++. However, scrolling through Twitter one day, I noticed replying to a tweet about a somewhat unknown loader currently spreading…

De-crypting a TrickBot Crypter

Introduction

TrickBot has utilized its own crypting service for some time now, and it has been frequently updated over time. The latest version utilizes RC4 with a twist and is also a perfect example for writing a simple unpacker while at the same time being forced to analyze a slightly modified encryption routine. Static Analysis…