Dissecting APT21 samples using a step-by-step approach

Summary: In this blog post we present a detailed analysis of two malicious files (a backdoor known as "Travelnet") linked to an APT (Advanced Persistent Threat) actor called APT21. APT21, also known as Zhenbao or Hammer Panda, is a group of suspected state-sponsored hackers of Chinese origin. According to multiple online sources, that […]


PowerShell scripts used to run malicious shellcode: reverse shell vs. bind shell

In this post we'll look at two different PowerShell reflection payloads: a reverse shell and a bind shell. The purpose of the article is to show the differences between them and how we can determine crucial information such as the IP address and the port contained in the reverse shell payload and the port which is opened
