Category: Analysis


[Quick Notes] Various network scan types

A pentester performs several types of network scans during a test. These are usually sequential in nature, that is, we proceed with each scan, …


Hack Safaribooks video downloads

Hacking Safaribooks and downloading videos offline

I have a Safaribooks account. A few hours back, I was going through a video series on Safari & I thought I should download it for offline reference. It makes it easier to study.


[Quick notes] Metasploit payload types

To start with, a vulnerability is a weakness in the target system that creates a security risk – namely, that it can be exploited.
An exploit is a way, …


[Metasploit Pro] Client-side exploitation

This write-up shows how you can get up & running with client-side / phishing assessment using Metasploit Pro 4.0.

Let’s start by creating a new project. …


Analyzing Malware – Manually unpacking the specimen

Continuing the reverse engineering malware series, this is the fifth post. I recommend that you read my first, second, third and fourth posts to be in sync with the whole exercise.

In previous posts, we performed behavioral and code analysis of the malware specimen – slackbot. We identified that the bot executable was packed with the UPX packer. Since UPX has native unpacking capabilities as well, we unpacked the specimen exe and learnt more about its code & operations during code analysis. Subsequently, we were able to gain control over the bot.


Analyzing Malware – Patching in the way!

This continues my previous posts on reverse engineering malware. Therefore, I strongly recommend that you go through posts one, two, and three before moving on to this one.

If you recall, in the last post we used disassembly and debugging techniques on the specimen to our advantage and successfully identified the correct IRC login password.

But is there a way to simply modify or bypass this whole password protection mechanism in the bot? If the authentication process can be controlled, that’d be awesome. So, here it is; this post will show you just that.