PCMan FTP Server 2.0 — Remote Buffer Overflow without login
“As a practice for me to test my knowledge of exploitation, I decided to find a vulnerable version of programs that has exploits in…
Aug 8

In-depth analysis of WannaCry series (Part 1)
After I got a lot of shares in my last article for Emotet Full Code analysis, I decided to analyze WannaCry ransomware in detail also, my…
May 10, 2023

Emotet Malware Analysis - From Email Phishing to Code Analysis
How can Emotet phish your company via emails? How can it trick you by document social engineering? How does it communicate with the C2 server to…
Mar 12, 2023

Resource Section | Malware Analysis From Malware Development Part2a
“I’m Here”, Joanap said. Joanap Malware is a remote access tool and a two-stage malware; the first stage is a dropper. Based on our Part 2…
Feb 5, 2023

Where Am I? | Malware Analysis From Malware Development Part 2.
“Where Am I”, Payload said. Where can Malware Writers put the shellcode? And where can Malware Analysts find the payload?
Feb 4, 2023

PE Headers DLLs EXEs revision | Malware Analysis from Malware Development Part 1.
A quick review of the PE headers. God willing, when I write the third series we will use the PE headers in more depth, but this series will not use the…
Feb 1, 2023

Malware Analysis from Malware Development Series by Mahmoud NourEldin
Assalamu-Alikum
Jan 30, 2023

PowerLoaderV2 Full Code Analysis | Understanding the main registry key [Part5]
This is the most important part
Jan 16, 2023

PowerLoaderV2 Full Code Analysis | Execute the temp malware file [Part 4].
We stopped in this subroutine; let’s analyze it:
Jan 16, 2023