onlyf8@home:~$

  • Powershell and Obfuscation

    What is PowerShell? PowerShell is an object-oriented automation language developed by Microsoft in 2006. Built on .NET, it is designed to make it easier for system administrators to manage devices and create scheduled tasks. In 2016, the source code was released as open source. So why is there PowerShell in...

  • What is Unpacking?

    What is Unpacking? One of the primary goals of malware developers is to make their software difficult to analyze and, as a consequence, difficult to detect. More than one technique is used for this purpose. The subject of this article is the “packing” technique, which is perhaps the most...

  • Patching

    What is Patching? It is a concept familiar to everyone who used a computer in the 2000s and at some point wondered, “How can I use this software for free?”: patching. Back then there were cracker brothers/sisters who seemed cool to us, with behaviors that looked extremely mysterious because we didn’t...

  • YARA Rules

    Contents: What is a YARA rule? Meta; Strings; Conditions. What is a YARA rule? YARA is a tool with its own syntax that analysts use to classify and identify malware. The rules written for this tool are called YARA rules. This blog post contains information about the general concept of...

  • x86 Assembly Language 101

    What is Assembly? In the early years of computing, different processor architectures began to be produced. An architecture is the set of rules that determines which code can run on a processor and what the result of running that code is. I don’t want to dive too far into its history (I...

  • PE Format

    What is PE? PE (Portable Executable) files can be moved between Windows systems and run without compatibility problems. To be portable, a common language/architecture must be defined for all devices: data that means “A” on one device must mean “A” on another device. Here, too, an architecture...

  • Malware Analysis Basics

    Malware Analysis Basics. Topics: Malware lab preparation; What is malware?; What are the types of analysis?; Toolkit; Compiling a C/C++ source file (example). Introduction: One Windows (7/10) virtual machine and one REMnux virtual machine are required for the analyses to be performed. FlareVM is available as Windows...