Linux Memory Diff Analysis using Volatility

This blog post describes the Linux Mem Diff Tool, which uses the Volatility advanced memory forensics framework to run various plugins against a clean and an infected Linux memory image and reports the changes. A similar tool for diff analysis of Windows memory images can be found here. Why this tool? Many times while […]
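The core of the approach described above is simple: run the same plugin against both images and report only the rows that differ. The following Python is an added illustration of that diff step, not the Linux Mem Diff Tool's own code. It assumes a Volatility 2 install reachable as `vol.py` for the (never called here) `run_plugin` helper, and the two `linux_pslist` outputs it diffs are constructed sample text, not output from real images.

```python
import subprocess
from typing import List, Sequence, Set, Tuple

# Constructed sample output in the shape of Volatility 2's linux_pslist plugin
# (header row, dashed separator, one row per task). It is NOT output from a
# real image; the offsets, PIDs and times are made up for this example.
CLEAN_PSLIST = """\
Offset             Name                 Pid             Uid             Gid    DTB                Start Time
------------------ -------------------- --------------- --------------- ------ ------------------ ----------
0xffff88003d3e8000 init                 1               0               0      0x000000003c1d4000 2016-01-30 04:25:08 UTC+0000
0xffff88003d3e9730 kthreadd             2               0               0      ------------------ 2016-01-30 04:25:08 UTC+0000
0xffff88003ab6c6a0 sshd                 1032            0               0      0x000000003a7e2000 2016-01-30 04:25:20 UTC+0000
"""

# The "infected" capture: everything from the clean image plus two new tasks.
INFECTED_PSLIST = CLEAN_PSLIST + """\
0xffff88003a1e2e60 .tmpd                1411            0               0      0x0000000039b1c000 2016-01-30 04:31:02 UTC+0000
0xffff88003a1e5c80 sshd                 1420            1000            1000   0x0000000039a0e000 2016-01-30 04:31:05 UTC+0000
"""

Row = Tuple[str, ...]


def run_plugin(image: str, profile: str, plugin: str, vol: str = "vol.py") -> str:
    """Run one Volatility 2 plugin against an image and return its stdout.

    Assumes a Volatility 2 install with a matching Linux profile. The sample
    run below never calls this, so the example works offline."""
    cmd = [vol, "-f", image, "--profile=" + profile, plugin]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def parse_rows(output: str) -> List[List[str]]:
    """Turn tabular plugin output into token lists, dropping header/separator."""
    rows = []
    for line in output.splitlines():
        if not line.strip() or line.startswith("Offset") or line.startswith("---"):
            continue
        rows.append(line.split())
    return rows


def diff_plugin_output(clean: str, infected: str,
                       key_cols: Sequence[int] = (1, 2)) -> Tuple[List[Row], List[Row]]:
    """Return (only_in_infected, only_in_clean), keyed on the chosen columns.

    Keying on Name+Pid (columns 1 and 2 of linux_pslist) rather than the whole
    row means volatile fields such as the task offset or start time do not
    create spurious differences."""
    def keys(text: str) -> Set[Row]:
        return {tuple(r[i] for i in key_cols)
                for r in parse_rows(text) if len(r) > max(key_cols)}
    clean_keys, infected_keys = keys(clean), keys(infected)
    return sorted(infected_keys - clean_keys), sorted(clean_keys - infected_keys)


def report(clean: str, infected: str, plugin: str = "linux_pslist") -> str:
    """Format the diff the way a triage analyst wants to read it."""
    added, removed = diff_plugin_output(clean, infected)
    lines = [f"[{plugin}] {len(added)} new, {len(removed)} missing"]
    lines += [f"  + {' '.join(k)}" for k in added]
    lines += [f"  - {' '.join(k)}" for k in removed]
    return "\n".join(lines)


if __name__ == "__main__":
    # Against real images:
    #   report(run_plugin(clean_img, profile, "linux_pslist"),
    #          run_plugin(infected_img, profile, "linux_pslist"))
    print(report(CLEAN_PSLIST, INFECTED_PSLIST))
```

Two caveats a practitioner should keep in mind. The diff is a triage list, not a verdict: the second `sshd` above is flagged purely because its PID is new, which is exactly what a legitimate login between the two captures would look like. And a task hidden from the process list by a rootkit is absent from both outputs, so it never appears in the diff; for that case, diff the output of the cross-view plugins as well, not just `linux_pslist`.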

Hunting and Decrypting Communications of Gh0st RAT in Memory

This blog post describes how to detect encrypted Gh0st RAT communication, decrypt it, and find the malicious Gh0st RAT artifacts (process, network connections and DLL) in memory. I also present a Volatility (Advanced Memory Forensics Framework) plugin (ghostrat) which detects the encrypted Gh0st RAT communication, decrypts it and also automatically identifies the malicious […]
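As an added example (not the ghostrat plugin and not code from the post), the scanner below carves Gh0st RAT packets out of an arbitrary byte buffer, such as a process memory region or a reassembled TCP stream, using the wire format of the public, unmodified Gh0st build: a 5-byte marker (`Gh0st` by default), a little-endian uint32 total packet length, a little-endian uint32 uncompressed length, then a zlib-compressed payload. In that build the "encryption" is only zlib compression; rebuilt variants change the marker or add a cipher on top, which this code does not handle, so the marker is a parameter. The sample buffer and payload bytes are constructed for this example.

```python
import struct
import zlib
from typing import List, Optional, Tuple

# Default 5-byte marker of the public Gh0st RAT source. Rebuilt variants change
# it, so treat it as a parameter, not a constant truth.
DEFAULT_MAGIC = b"Gh0st"


def header_len(magic: bytes) -> int:
    # marker + uint32 total packet length + uint32 uncompressed length
    return len(magic) + 8


def build_packet(plaintext: bytes, magic: bytes = DEFAULT_MAGIC) -> bytes:
    """Encode a payload the way the unmodified Gh0st build does. Used here only
    to construct test data for the scanner below."""
    body = zlib.compress(plaintext)
    return magic + struct.pack("<II", header_len(magic) + len(body), len(plaintext)) + body


def parse_packet(buf: bytes, off: int, magic: bytes = DEFAULT_MAGIC) -> Optional[Tuple[int, bytes]]:
    """Validate and decode one packet starting at buf[off].

    Returns (total_length, decoded_payload), or None when the bytes at off are
    merely the marker string (inside a document, a log, an AV signature) and
    not a packet. Every header field is checked against the buffer before the
    payload is trusted."""
    hl = header_len(magic)
    if buf[off:off + len(magic)] != magic or len(buf) - off < hl:
        return None
    total_len, orig_len = struct.unpack_from("<II", buf, off + len(magic))
    if total_len <= hl or off + total_len > len(buf):
        return None
    try:
        plain = zlib.decompress(buf[off + hl:off + total_len])
    except zlib.error:
        return None
    if len(plain) != orig_len:  # header disagrees with the payload: not a packet
        return None
    return total_len, plain


def find_gh0st_packets(buf: bytes, magic: bytes = DEFAULT_MAGIC) -> List[Tuple[int, bytes]]:
    """Carve every well-formed packet out of a byte buffer, returning
    (offset, decoded payload) pairs in order of appearance."""
    hits = []
    off = buf.find(magic)
    while off != -1:
        parsed = parse_packet(buf, off, magic)
        if parsed is None:
            off = buf.find(magic, off + 1)
        else:
            hits.append((off, parsed[1]))
            off = buf.find(magic, off + parsed[0])
    return hits


# Constructed buffer standing in for a slice of process memory or a reassembled
# TCP stream: padding, a real packet, a bare "Gh0st" string that must be
# rejected, a second packet, more padding. The payload contents are invented.
SAMPLE_PLAINTEXTS = (
    b"\x00LOGIN\x00WIN-TEST\x00192.0.2.10\x00",
    b"\x01HEARTBEAT\x00",
)
SAMPLE_BUFFER = (
    b"\x00" * 16
    + build_packet(SAMPLE_PLAINTEXTS[0])
    + b"Gh0st in prose is not a packet"
    + build_packet(SAMPLE_PLAINTEXTS[1])
    + b"\xff" * 8
)

if __name__ == "__main__":
    for off, plain in find_gh0st_packets(SAMPLE_BUFFER):
        print(f"packet at 0x{off:x}: {plain!r}")
```

When running this over a memory image rather than a captured stream, expect partial hits: a packet that straddles two physical pages that are not contiguous in the dump will fail the length or zlib check and be skipped, which is the right failure mode for a detector (no false positive) but means a miss; carving the traffic out of the socket buffers or the process's virtual address space, where pages are laid out contiguously, recovers more than scanning the raw physical image.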

Hunting APT RAT 9002 In Memory Using Volatility Plugin

On Nov 10, 2013, FireEye published a blog post about how the latest IE zero-day exploit was used in the wild by APT actors to serve the 9002 RAT (aka Hydraq/McRat/Mdmbot). The FireEye post also mentioned that the threat actors injected the 9002 RAT payload directly into memory without writing it to disk. This technique […]

Cysinfo Cyber Security Meetup – 28th May 2016, Bangalore

This is an announcement for the upcoming Cysinfo cyber security community meetup on 28th May 2016 in Bangalore, India. The meetup is completely free and does not require any registration or other formalities to attend. It will start at 9:30 AM IST. Here is the schedule of security talks: 09:30 – 10:10 Understanding Cryptolocker (ransomware) with a case […]

Cysinfo Cyber Security Meetup – 30th January 2016

This is an announcement for the upcoming Cysinfo cyber security community meetup on 30th January 2016 in Bangalore, India. The meetup is completely free and does not require any registration or other formalities to attend. It will start at 10 AM IST. Here is the schedule of security talks: 10:15 – 11:00 – Breaking into hospital […]

Cysinfo Cyber Security Meetup – 10th October 2015

Friendly reminder for the upcoming Cysinfo cyber security community meetup on 10th October 2015 in Bangalore, India. The meetup is completely free and does not require any registration or other formalities to attend. It will start at 10 AM IST. Here is the schedule of security talks: 10:00-10:45 – Partial Homomorphic Encryption – Sreelakshmy and Mythily […]