
Tips for Reverse-Engineering Malicious Code

Lenny Zeltser

This cheat sheet outlines tips for reversing malicious Windows executables via static and dynamic code analysis with the help of a debugger and a disassembler. Overview of the code analysis process: identify strings and API calls that highlight the program’s suspicious or malicious capabilities.
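As an added example that is not part of Lenny Zeltser's cheat sheet, here is a small Python triage script for the first step above: pull printable ASCII and UTF-16LE strings out of a file and match them against a short, hand-picked map of Windows API names and indicators to capability categories. The API-to-capability map, the category names and the `SAMPLE_BLOB` are assumptions constructed for the example; the blob is not a real binary, just bytes laid out the way an import name table and a wide-character string would appear in one.

```python
import re
from collections import defaultdict

# Constructed sample (assumption, not a real file): MZ-like header bytes, null-separated
# ASCII import names as they sit in a PE import name table, one UTF-16LE string, and
# a registry path. Real samples are read with open(path, "rb").read().
SAMPLE_BLOB = (
    b"\x4d\x5a\x90\x00\x03\x00\x00\x00"
    + b"\x00\xffVirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00"
    + b"\x01\x02IsDebuggerPresent\x00\x00URLDownloadToFileA\x00\x00"
    + "http://example.invalid/stage2.bin".encode("utf-16-le")
    + b"\x00\x00SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00ab\x00"
)

# Hand-picked (assumed) mapping of API names to the capability they usually indicate.
# A real triage list would be longer; the point is the structure, not completeness.
SUSPICIOUS_APIS = {
    "process injection": {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
                          "NtMapViewOfSection", "SetThreadContext"},
    "anti-debugging": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                       "NtQueryInformationProcess"},
    "network / download": {"URLDownloadToFileA", "URLDownloadToFileW", "InternetOpenA",
                           "InternetOpenW", "WinHttpOpen", "WSAStartup"},
    "persistence": {"RegSetValueExA", "RegSetValueExW", "CreateServiceA", "CreateServiceW"},
    "keylogging": {"SetWindowsHookExA", "SetWindowsHookExW", "GetAsyncKeyState"},
}

# Match API names as whole words inside a string rather than requiring an exact string:
# in a PE import name table the 2-byte hint preceding the name can itself be printable,
# so `strings` often shows e.g. "^VirtualAllocEx" instead of "VirtualAllocEx".
API_PATTERNS = {
    category: re.compile(r"\b(" + "|".join(sorted(names, key=len, reverse=True)) + r")\b")
    for category, names in SUSPICIOUS_APIS.items()
}

# Non-API indicators: URLs and the classic Run-key path.
INDICATOR_PATTERNS = {
    "network / download": re.compile(r"https?://\S+", re.IGNORECASE),
    "persistence": re.compile(r"\\CurrentVersion\\Run", re.IGNORECASE),
}


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Return printable ASCII and UTF-16LE strings of at least min_len chars, in file order."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_re.finditer(data):
        found.append((m.start(), m.group().decode("ascii")))
    for m in wide_re.finditer(data):
        found.append((m.start(), m.group().decode("utf-16-le")))
    found.sort()
    return [s for _, s in found]


def triage(data: bytes, min_len: int = 4) -> dict[str, list[str]]:
    """Map capability categories to the API names and indicators seen in the blob."""
    hits: dict[str, list[str]] = defaultdict(list)
    for s in extract_strings(data, min_len):
        for category, pattern in API_PATTERNS.items():
            for api in pattern.findall(s):
                if api not in hits[category]:
                    hits[category].append(api)
        for category, pattern in INDICATOR_PATTERNS.items():
            if pattern.search(s) and s not in hits[category]:
                hits[category].append(s)
    return dict(hits)


if __name__ == "__main__":
    for category, items in triage(SAMPLE_BLOB).items():
        print(f"{category}: {', '.join(items)}")
```

A hit list like this is a starting point for the dynamic phase, not a verdict: packed or obfuscated samples show few of these strings until unpacked, and legitimate software imports many of the same APIs, so each hit is a place to set a breakpoint in the debugger and confirm what the call is actually used for.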


REMnux Tools List for Malware Analysis

Lenny Zeltser

REMnux® offers a curated collection of free tools for reverse-engineering or otherwise analyzing malicious software. For another perspective on the REMnux tools you can use for examining malicious software, see the one-page REMnux Usage Tips cheat sheet.


How You Can Start Learning Malware Analysis

Lenny Zeltser

Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute, I have a few tips for how you can get started.


Patch Tuesday, October 2021 Edition

Krebs on Security

Lawrence Abrams of Bleeping Computer writes that the flaw could be used to steal data or install malware, and that soon after Apple patched the bug security researcher Saar Amar published a technical writeup and proof-of-concept exploit that was derived from reverse engineering Apple’s patch.


How Hackers Use Payloads to Take Over Your Machine

eSecurity Planet

A payload is a piece of code that executes when hackers exploit a vulnerability; it can install malware (such as key-loggers) to steal data or carry out other malicious acts. One of the most common attacks is to send emails with an attached .pdf file containing a malicious payload that will install a backdoor. Payloads and reverse TCP shells.


EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web

Security Affairs

Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication, proxying the victim’s session.


How to Get and Set Up a Free Windows VM for Malware Analysis

Lenny Zeltser

Here are some of my favorite free Windows tools for examining malicious software in a lab. Behavioral analysis: Process Monitor, ProcDOT, Process Hacker, Wireshark. Code analysis: PeStudio, IDA Freeware, x64dbg, Scylla. You can use this connection to update the OS to the latest patch level and install malware analysis tools.