Avast WEBforum

Other => Non-Avast security products => Topic started by: Michael (alan1998) on November 30, 2019, 03:01:33 AM

Title: Windows Priv Esc
Post by: Michael (alan1998) on November 30, 2019, 03:01:33 AM
https://www.youtube.com/watch?v=3BQKpPNlTSo

Title: Re: Windows Priv Esc
Post by: polonus on November 30, 2019, 12:55:28 PM
Hi Michael (alan1998),

Read here: https://sevrosecurity.com/checklists/windows-priv-esc

Time for fuzzing and reverse engineering: https://github.com/AonCyberLabs/Windows-Exploit-Suggester
but leave your white hat on, always.

Welcome to the world of trons, unpacking of packed DOS binaries, as malcreants usually do not give explanations as to how they create their malware, so reverse engineering can bring welcome insights. I am an adept of the much missed F.R.A.V.I.A (R.I.P), a well-known reverse engineer before he left that for searchlores guru instructions (Fravia stated that a good searcher can be more dangerous than any evil hacker).
Read: www.darkridge.com/~jpr5/mirror/fravia.org/projunpa.htm etc.
Windows is based on DOS, so unpack packed DOS binaries with the DOSBox debugger:
https://www.codejuggle.dj/unpack-dos-binaries-dosbox-debugger/

polonus

P.S. I like to analyze through Snort what I am up against, also under Windows;
therefore I use Snort Analyzer with Wireshark, for instance.
Read: https://asecuritysite.com/forensics/snort?fname=dnslookup.pcap&rulesname=rulesdns.rules

Damian

Title: Re: Windows Priv Esc
Post by: polonus on November 30, 2019, 11:19:30 PM
Here we have an IDS example for a malicious library presented as jQuery.js
SNYK report: https://snyk.io/test/npm/jquery.js/1.0.2
Examples in the real digital wild: https://maltiverse.com/search;query=jquery.js;page=1;sort=query_score

This happens when you are led to believe something to be the one thing
and it turns out to be something completely different (malware).

Actually, jQuery.js as Nemucod ransomware, as an example: https://maltiverse.com/sample/e13d6e7e7f66c8a14c769f0ef519b11f54914f57a8f7666b4198f57df7a29502

polonus