Entries filed under 'Shellcode'
Threat Research Blog
The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.
June 19, 2013 5:00 PM By Jay Smith
IDA Pro comes with an incredibly useful array of type information gathered from various compilers. Whenever a user names a location, IDA searches its currently loaded type libraries to see if that name is a known function. If the function is found, IDA applies the function declaration to that location. For example, Figure 1 shows an array of DWORDS. During reverse engineering, I determined that these are function pointers to MS SDK API functions.Read more...
November 29, 2012 9:48 PM By Jay Smith
In the five years I have been a part of Mandiant's malware analysis team (now formally known as M-Labs) there have been times when I've had to reverse engineer chunks of shellcode. In this post I will give some background on shellcode import resolution techniques and how to automate IDA markup to allow faster shellcode reverse engineering.Read more...
August 25, 2010 4:02 PM By Julia Wolf
This is not anything new and exciting¹, and should hopefully be familiar to some of you reading this. Some time ago I reversed the shellcode from Metasploit's download_exec module. It's a bit different from the rest of the stuff in MSF, because there's no source code with it, and it lacks certain features that the other shellcode[s] have (like being able to set the exit function).Read more...
March 19, 2010 12:17 PM By Julia Wolf