-
On a Win10 x64 box, in an Admin cmd window, I am running the Python script from the article https://www.countercept.com/blog/detecting-malicious-use-of-net-part-1/ (https://gist.github.com/countercept…
-
Check all the keywords mentioned in https://www.countercept.com/blog/dechaining-macros-and-evading-edr
-
Currently, as parent/child relationships were a last-minute add, they can only be created through scales. This means we cannot make manual links and we cannot edit them either. The hacky code in questi…
-
I double-checked that I used the same Python to generate the exe file and I'm using the same version with unpy2exe and still getting: `RuntimeError: Bad code object in .pyc file`
-
When I try to decompile `.pyc` files generated by python-exe-unpacker, I get the following error:
```
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/xdis/load.p…
```
Gowee updated
11 months ago
-
I'm working on a plugin for volatility that presents the memory image it opens as a FUSE volume where each directory is a view of a different process. What I'm trying to do is then open one of these …
-
1. Where are the samples stored on the system?
I want to know where the samples are stored so that I can properly document the location for future reference.
2. Can samples be deleted from the ma…
-
## Background
Malware is often packed or encrypted using custom algorithms on specific sections within a dropper binary. It would be nice to arbitrarily specify extracting/unpacking/decrypting/deco…
-
Shim cache analysis of data from a subset of Windows 11 boxes fails with an "input is out of range" error. These boxes have been running a while, and have a few programs installed on them, but I was …
-
Can you add Cynet also?