Have you ever wondered what lies behind our security publications? What tricks are used to understand the inner workings of malware faster and more efficiently? If you’ve ever wanted to know the answers to these questions, pull up in a chair and get comfortable; you’re in the right place.... Click to Read More
Imagine this scenario: you’re researching a malware sample which starts its execution with unpacking the archive (usually RAR or ZIP one) which came with a suspicious email and launching an AutoIT script stored... Click to Read More
Research By: Slava Makkaveev Trusted Execution Environment TrustZone is a security extension integrated by ARM into the Corex-A processor. This extension creates an isolated virtual secure world which can be used by the... Click to Read More
In this part we show how to deal with obfuscated Windows API calls in Ngioweb malware using Labeless and x64dbg without reconstructing API-resolving algorithm. If you’re new to all this Labeless stuff, though,... Click to Read More
In this part we show how to decrypt strings present in the module of Boleto malware – without reconstructing the decryption algorithm. If you’re new to all this Labeless stuff though, please refer... Click to Read More
In this part of our Labeless series, we will discuss the theory behind Labeless scripting. If, however, you’re new to all this Labeless stuff, please refer to the previous articles in this series... Click to Read More
In this part we show how to automatically resolve all WinAPI calls in malicious code dump of LockPoS Point-of-Sale malware. Instead of manually reconstructing a corrupted Import Address Table we simply extract a... Click to Read More
In this part we will be guiding you through the installation of Labeless. Post install steps to verify that installation was done correctly are also provided below. Of course, if you’re new to... Click to Read More
Labeless, a plugin for both IDA and popular debuggers, is an invaluable tool in the researcher’s tool kit. In this first part of a four part series, we will be mainly introducing Labeless... Click to Read More
Research by: Ben Herzog (updated December 2018) Required Background: Basic experience with virtual machines, i.e. creating a VM and installing an OS. The most technically involved it gets is setting up a... Click to Read More
In our malware laboratory sandbox, we emulate a large number of samples each day. These emulations provide a lot of useful information, such as IoCs (Indicators of Compromise), that we use to... Click to Read More
Check Point Software Blog