Reverse Engineering
Our efforts in reverse engineering aid in identifying vulnerabilities, understanding threats, and formulating robust defense mechanisms, making it integral to maintaining a secure and resilient digital environment.
Our focus in malware research involves dissecting and understanding the operation of malicious software. By documenting their behavior and impact, we provide crucial insights that aid in devising effective defensive strategies, contributing to a better understanding and stronger defense against emerging cyber threats.
We offer penetration testing services, identifying vulnerabilities by simulating real-world attacks on your digital infrastructure. Our process uncovers potential threats, providing actionable insights for improved security measures, ensuring robust defense and resilience for your business operations.
Our involvement in open-source focuses on offensive security techniques and tools. We utilize and contribute to community-driven projects. This collaborative approach promotes innovative solutions, ultimately strengthening defense against evolving cyber threats.
Open-Source Application for Comprehensive Search and Exploration of Windows DLL Exported Functions for Malware Research and Analysis.
Comprehensive Search Engine for Malware Evasion Techniques (Documentation, Code Snippets, YARA Rules, and More)
GitHub Profile Showcasing Our Open-Source Projects, Proofs of Concept (PoCs) and Snippets related to Malware and Offensive Security.
Complete and Optimized Remote Desktop Application Entirely Coded in PowerShell (Multi-Screen, Keyboard Sync, Mouse Sync, Clipboard Sync, and More)
Malware Museum: Showcasing the Most Impactful Malware from the 1990s to the Early 2000s. Get Ready to Journey Back to the Golden Age of Malware.
Comprehensive C# Project to Understand the Concept of Malware Command and Control (C2) Using FTP as a Communication Channel.
Medium Account Showcasing Our High-Quality Articles focusing on Malware Research, General Information Security and Programming.
Secure remote desktop application for Microsoft Windows entirely written in PowerShell for the server and a cross-platform client.
The release of version "3.0 Final" signifies the culmination of this project. I will not be adding any further features; the objective of this PoC was to demonstrate the creation of a reliable and secure C2 utilizing FTP(S). You're encouraged to develop your own version with tailored functionalities. As an exercise, you might consider implementing multi-threading tasking to prevent the application from hanging during long-duration tasks.
I will, however, continue to provide support for the project in terms of addressing potential bugs or opportunities for optimization.
1 year, 2 months ago
Support for encryption has been introduced, utilizing RSA and AES-GCM 256-bit algorithms, to safeguard the integrity and confidentiality of communications between agents and the C2 server.
1 year, 3 months ago
SharpFtpC2 is a small, experimental project aimed at exploring the possibility of using FTP(S) for relaying commands and responses between two remote computers. It employs the FTP protocol as a makeshift tunnel through which the computers, both acting as clients connected to an FTP server, can communicate. A simple session management scheme is used to keep track of the exchange of requests and responses.
1 year, 3 months ago
An alternative version of the code snippet, written in Delphi, has been added for the "C2 via FTP(S)" technique. This variant demonstrates the use of the Windows APIs from the Windows Internet (WinInet) library.
1 year, 3 months ago
A newly added Unprotect C# code snippet illustrates the implementation of the "C2 via FTP(S)" technique. The example uses the .NET Framework's WebRequest and FtpWebRequest classes and shows the steps needed to execute tasks, handle requests, and manage responses over FTP (File Transfer Protocol).
1 year, 3 months ago
In this inaugural instalment of the Malware Retrospective series, we take a trip down memory lane to revisit the Beast RAT, a notorious Windows RAT (Remote Access Trojan) developed by the elusive "Tataye." This groundbreaking malware left an indelible mark on a whole generation of enthusiasts, including myself, who were captivated by its ingenuity, and it influenced the whole scene back in its time.
1 year, 4 months ago
A new version of the unprotect portal has been released with updates including:
FeaturedAPI is a new feature that maps the common Microsoft Windows APIs used by specific evasion techniques. For each technique you can consult the most commonly used APIs and their associated caution level (Low, Medium, High), as well as links to official and unofficial documentation.
The team is also making progress on the sample scanner to match scanned samples to potential fitting techniques.
1 year, 7 months ago
We are thrilled that our new tool, DLest, was featured on the Qualys blog in the "New Tools & Techniques" section for December 2022. Keep an eye out for more exciting updates from us in the future!
1 year, 8 months ago
DLest is a Microsoft Windows application that helps developers and malware analysts analyze and manipulate exported functions in Portable Executable (PE) files, especially DLLs. It allows you to enumerate exported functions using various methods and supports the analysis of memory-loaded modules in real time. It also has the ability to dump a reconstructed version of any module for further analysis. DLest is fully multithreaded and efficient for processing large numbers of PE files. It is useful for developers and malware analysts and streamlines their tasks.
1 year, 8 months ago
We are excited to announce that our latest tool, PsyloDbg, has been featured in the "Tools & Exploits" section of Bad Sector Labs Blog's Last Week in Security. Stay tuned for more updates and improvements to come from us at PsyloDbg!
1 year, 11 months ago
PsyloDbg is a versatile, user-friendly, and open-source debugger for the Windows platform. It is entirely written in Delphi, and its purpose is to assist malware analysts in their work by providing them with a fast and effective tool. As a result, analysts can save time and improve their response to malware threats.
1 year, 11 months ago
New Unprotect C# code snippet added for the technique Timestomp.
This tiny code snippet demonstrates the principle of file time stomping.
Steps:
Additional information:
2 years, 1 month ago
New Unprotect Delphi code snippet added for the technique Process Hollowing (RunPE), with support for both x86-32 and x86-64 in a single code base.
2 years, 2 months ago
New Unprotect Delphi code snippet added for the technique Checking Mouse Activity.
2 years, 3 months ago