Embee Research (Page 3)

Ghidra Tutorials

Malware Unpacking With Hardware Breakpoints - Cobalt Strike Shellcode Loader

Unpacking a simple Cobalt Strike loader using Debuggers and Hardware breakpoints.

Malware Analysis Guides

Malware Unpacking With Memory Dumps - Intermediate Methods (Pe-Sieve, Process Hacker, Hxd and Pe-bear)

Demonstrating three additional methods for obtaining unpacked malware samples. Using Process Hacker, Pe-sieve, Hxd and Pe-bear.

Malware Analysis Guides

How to Use Process Hacker and DnSpy to Unpack .NET Malware

Unpacking an Asyncrat loader using Process Hacker and Dnspy

Malware Analysis Guides

Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell

Decoding a Remcos Loader, leveraging regex, python and Cyberchef to identify IOCs.

Malware Analysis Guides

Understanding and Improving The Ghidra UI for Malware Analysis

Improving Malware Analysis Workflows by Modifying the default Ghidra UI.

Malware Analysis Guides

Cobalt Strike .VBS Loader - Decoding with Advanced CyberChef and Emulation

Manually decoding a Cobalt Strike .vbs Loader utilising advanced CyberChef and Shellcode Emulation.

Malware Analysis Guides

Cobalt Strike Malware Analysis With CyberChef and Emulation - .HTA Loader Example

Decoding a .hta script with CyberChef and analysing Shellcode with the SpeakEasy Emulator.

Malware Analysis Guides

Ghidra Tutorial - Using Entropy To Locate Cobalt Strike Decryption Functions

Using Ghidra Entropy Analysis to Identify a decryption function.

Malware Analysis Guides

How To Decode Visual Basic (.vbs) Malware - DarkGate Loader

Demonstrating basic techniques for decoding a darkgate .vbs loader.

Detection Engineering

How to Write Yara Rules For DotNet Malware

How to develop Yara rules for .NET Malware. Utilising IL instructions and associated bytecodes.

Malware Analysis Guides

How To Write a Simple Configuration Extractor For .NET Malware - RevengeRAT

Introduction to dotnet configuration extraction. Leveraging RevengeRat and Python.

Detection Engineering

How To Write Yara Rules For Malware - Practical Examples

Practical examples and breakdowns of indicators that can be used to produce effective yara rules.

Latest

Malware Unpacking With Hardware Breakpoints - Cobalt Strike Shellcode Loader

Malware Unpacking With Memory Dumps - Intermediate Methods (Pe-Sieve, Process Hacker, Hxd and Pe-bear)

How to Use Process Hacker and DnSpy to Unpack .NET Malware

Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell

Understanding and Improving The Ghidra UI for Malware Analysis

Cobalt Strike .VBS Loader - Decoding with Advanced CyberChef and Emulation

Cobalt Strike Malware Analysis With CyberChef and Emulation - .HTA Loader Example

Ghidra Tutorial - Using Entropy To Locate Cobalt Strike Decryption Functions

How To Decode Visual Basic (.vbs) Malware - DarkGate Loader

How to Write Yara Rules For DotNet Malware

How To Write a Simple Configuration Extractor For .NET Malware - RevengeRAT

How To Write Yara Rules For Malware - Practical Examples