Posts by year

2024

2023

2022

Retrospect and future plans - Pt. 2

8 minute read

A new job, graduation internship, a shift of focus towards Android malware analysis, and more… It’s been about 6 months since I posted one of these, so I gue...

Practical Malware Analysis - Lab 12 write-up

12 minute read

Covert malware launching is the subject of Chapter 12, which discusses some of the many techniques that malware authors have developed to blend their malware ...

Practical Malware Analysis - Lab 11 write-up

6 minute read

Chapter 11 - “Malware Behavior” is the first chapter of part 4 in the Practical Malware Analysis book. Part 4 is all about malware functionality. Chapter 11...

Practical Malware Analysis - Lab 10 write-up

9 minute read

Kernel Debugging with WinDbg is the subject of Chapter 10. From this chapter I learned: how to set up kernel debugging on a VM; useful commands for kern...

Practical Malware Analysis - Lab 9 write-up

13 minute read

Since Chapter 8 did not include any lab assignments, we continue this series with Chapter 9: OllyDbg. From this Chapter we (obviously) learned about OllyDbg...

Practical Malware Analysis - Lab 7 write-up

8 minute read

Chapter 7 of the Practical Malware Analysis book covers some unique ways that malware uses Windows functionality. The chapter starts off with an overview of...

Practical Malware Analysis - Lab 6 write-up

9 minute read

Chapter 6 is all about recognizing C code constructs in x86 assembly. A code construct defines a functional property within code but not the details of its ...

Practical Malware Analysis - Lab 5 write-up

13 minute read

The third chapter to contain lab assignments is Chapter 5: “IDA PRO”. As the name suggests, this chapter discusses the use of the Interactive Disassembler t...

Practical Malware Analysis - Lab 3 write-up

8 minute read

Chapter 3 of the Practical Malware Analysis book is the second chapter to contain lab assignments. Chapter 3 is all about basic dynamic analysis, and is des...

Practical Malware Analysis - Lab 1 write-up

15 minute read

Practical Malware Analysis is a book that is often recommended by people that perform malware analysis. I’ve recently started reading this book and it’s bee...

Reversing an Emotet MalDoc

8 minute read

Malicious Word documents are extremely common nowadays, and are usually the cause of most malware infections as a result of successful phishing. Some malware ...

Retrospect and future plans - Pt. 1

6 minute read

It’s been a while… Since I haven’t been active on my blog in the past two months: this is going to be more of a random post, describing things that have happ...

How to conduct a Social Engineering pentest

11 minute read

What is Social Engineering? Social Engineering can be defined as follows: “Influencing a person to take an action that benefits the influencer”. Other defini...

Alternate Data Streams

4 minute read

What are Alternate Data Streams? An Alternate Data Stream (ADS) is a file attribute in NTFS (the main file system format in Windows). Files and folders withi...