Recycling Malware Talk
Hi! CactusCon 2017 went off without a hitch. Here is my code and slides from the con. Slides here. Code here. Hack on!
Hiyo! Defcon was awesome this year. It always gives me inspiration for things to blog about. That said, I want to go over something simple today – more VM detection. I’ll be hitting VMware because I have it, and also OpenVZ and KVM because that’s what my old hosts ran on. In my humble opinion, the […]
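As an added example (not code from the post above), here is a Linux-side classifier for the three targets the post names. The live checks it relies on are the ones a practitioner would reach for: the `hypervisor` CPUID flag surfaced in `/proc/cpuinfo`, the DMI system vendor string in `/sys/class/dmi/id/sys_vendor`, and the presence of `/proc/vz` (which OpenVZ exposes inside every container). The decision logic takes those artifacts as plain strings so it can be exercised on constructed input; the sample strings in the test are made up for that purpose.

```c
/* Added example, not the blog's code: classify a Linux guest as VMware,
 * KVM/QEMU, OpenVZ or "some hypervisor" from artifacts the guest can see.
 * Inputs are passed as strings so the logic runs on constructed samples;
 * main() feeds it the live files on the box it is compiled on. */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum vm_kind { VM_NONE = 0, VM_VMWARE, VM_KVM, VM_OPENVZ, VM_UNKNOWN_HV };

/* Case-insensitive substring search (strcasestr is not in C99). */
static bool contains_ci(const char *hay, const char *needle)
{
    size_t n = strlen(needle);
    for (; *hay; hay++) {
        size_t i;
        for (i = 0; i < n && hay[i] &&
             tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]); i++)
            ;
        if (i == n) return true;
    }
    return false;
}

/* cpuinfo:     contents of /proc/cpuinfo
 * dmi_vendor:  contents of /sys/class/dmi/id/sys_vendor, or NULL if unreadable
 * has_proc_vz: whether /proc/vz exists (assumption: present in OpenVZ
 *              containers, the classic tell for OS-level virtualisation,
 *              which has no hypervisor CPUID leaf at all) */
enum vm_kind classify_vm(const char *cpuinfo, const char *dmi_vendor, bool has_proc_vz)
{
    if (has_proc_vz) return VM_OPENVZ;
    if (dmi_vendor) {
        if (contains_ci(dmi_vendor, "vmware")) return VM_VMWARE;
        if (contains_ci(dmi_vendor, "qemu") || contains_ci(dmi_vendor, "kvm")) return VM_KVM;
    }
    /* KVM guests without CPU passthrough advertise "QEMU Virtual CPU". */
    if (contains_ci(cpuinfo, "QEMU Virtual CPU")) return VM_KVM;
    /* "hypervisor" in the flags line means CPUID leaf 1 ECX bit 31 is set:
       a hypervisor is present but the vendor was not identified above. */
    if (contains_ci(cpuinfo, " hypervisor")) return VM_UNKNOWN_HV;
    return VM_NONE;
}

const char *vm_kind_name(enum vm_kind k)
{
    static const char *names[] = { "none", "vmware", "kvm", "openvz", "unknown-hypervisor" };
    return names[k];
}

/* Read a small text file into a malloc'd buffer, NULL on failure. */
static char *slurp(const char *path)
{
    FILE *f = fopen(path, "r");
    if (!f) return NULL;
    char *buf = malloc(65536);
    size_t n = buf ? fread(buf, 1, 65535, f) : 0;
    fclose(f);
    if (!buf) return NULL;
    buf[n] = '\0';
    return buf;
}

int main(void)
{
    char *cpuinfo = slurp("/proc/cpuinfo");
    char *vendor = slurp("/sys/class/dmi/id/sys_vendor");
    bool vz = access("/proc/vz", F_OK) == 0;
    printf("guest type: %s\n", vm_kind_name(classify_vm(cpuinfo ? cpuinfo : "", vendor, vz)));
    free(cpuinfo);
    free(vendor);
    return 0;
}
```

The ordering matters: the OpenVZ check comes first because a container shares the host kernel and may see the host's CPUID flags, and the DMI vendor is consulted before the CPU model because KVM with host-passthrough shows the real CPU name. None of this is hard to spoof from the host side, which is exactly why it is a heuristic and not proof.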
Howdy! With that painful PIN crap behind me, I can finally be creative again. Today I wrote up a keylogger using C++ and DirectX. I normally dislike C++ because of the bloat, but DirectX and C don’t always play nicely. I’ve talked about keyloggers in the past, and even wrote one using traditional means. Traditionally, […]
Hi! Today I’m going to go over more on Intel’s PIN, more on cheats, and less on detection since I already covered that. I feel like I’ve spent way too much time on this and it’s a huge turn off against my productivity. And of course, I commit to a talk and it HAS to […]
Hi! I had a drunken inkling last night to update some of my tools. Tools that were written poorly that should be written right – with care taken. Example – . I even tried to re-do it, but it still ended up butt ugly. That ended up also being ugly and relying on […]
Hey hey hey! Been gone a while, but not forever. I’m back with an update to my crypter. I was on the plane over the Pacific during a long ass flight when it hit me – 2 new ways to evade analysis: date-specific checks and region-specific checks. I’ve added the functionality to JoeCrypter and […]
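To make the two checks concrete, here is an added example of the gating logic (my illustration, not JoeCrypter's code): a stub that only hands control to its payload inside a date window and only when the system locale's country code is on an allow list. The window and the allowed regions are placeholder values, and the decision functions take the clock and locale as parameters so they can be tested without touching the live system.

```c
/* Added example, not JoeCrypter's code: date- and region-gated execution.
 * Both checks fail closed, so a sandbox with a frozen clock or the bare
 * "C" locale sees a program that does nothing. */
#include <locale.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Illustrative window: 2017-07-01 .. 2017-08-01 UTC as epoch seconds. */
#define NOT_BEFORE 1498867200L
#define NOT_AFTER  1501545600L

/* Illustrative allow list of ISO 3166 country codes. */
static const char *const ALLOWED_CC[] = { "US", "CA" };

/* Extract the country part of a POSIX locale name, e.g. "en_US.UTF-8" -> "US".
 * Returns false for "C", "POSIX" or anything without an underscore. */
bool locale_country(const char *locale, char out[3])
{
    const char *us = locale ? strchr(locale, '_') : NULL;
    if (!us || !us[1] || !us[2]) return false;
    out[0] = us[1];
    out[1] = us[2];
    out[2] = '\0';
    return true;
}

bool region_allowed(const char *locale, const char *const *allowed, size_t n)
{
    char cc[3];
    if (!locale_country(locale, cc)) return false;   /* no country info: refuse */
    for (size_t i = 0; i < n; i++)
        if (strcmp(cc, allowed[i]) == 0) return true;
    return false;
}

bool date_allowed(time_t now, time_t not_before, time_t not_after)
{
    return now >= not_before && now <= not_after;
}

/* Combined decision used by the stub. */
bool should_detonate(time_t now, const char *locale)
{
    return date_allowed(now, NOT_BEFORE, NOT_AFTER) &&
           region_allowed(locale, ALLOWED_CC, sizeof ALLOWED_CC / sizeof *ALLOWED_CC);
}

static void payload(void) { puts("payload would run here"); }

int main(void)
{
    /* setlocale with "" picks up LANG/LC_ALL from the environment; it
       returns "C" when nothing is set, which is common inside sandboxes. */
    const char *loc = setlocale(LC_ALL, "");
    if (should_detonate(time(NULL), loc))
        payload();
    else
        puts("nothing to see here");
    return 0;
}
```

From the analyst's side the counter is the mirror image: run the sample with a faked clock and an explicit `LANG`, and diff the behaviour against the bare run. A stub that flips on a `localtime`/`setlocale` result is also easy to spot under a PIN-style tracer, which ties back to the earlier posts on that tool.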
If you’re the paranoid type, you don’t deny people are watching – you know they are. You encrypt your drives, use SSL-VPN, Tor, proxies, and run Tails. If not, then you at least care about privacy or have something to hide. This post is for you people. In the following example, it’s a bit extreme, […]
Herro! It’s been a while, but I’m still kicking. I got some new stuff to talk about. Specifically the binary instrumentation utility ‘PIN’ from Intel. We’re going to go over taking full advantage of this tool to cheat at games, unpack malwarez, and how to detect if your app is being run via PIN. Part […]
http://www.gironsec.com/code/backdoor_dll_talk_files.7z http://www.gironsec.com/code/bd_dll_talk_slides.7z
Here we are finally at the last part of my series on backdooring DLL files. I wanted to cover again Detours as a means of backdooring DLL files and executables. A fellow 2600 member I spoke to asked me the other day about what it would take to modify an exe without changing it on […]