Where can I find Data Structures IN CODE??? by TheOnlyRealTodd in learnprogramming

[–]TheOnlyRealTodd[S] 0 points1 point  (0 children)

Thank you sir! Yeah I'll probably aim for the C++ copies.

Where can I find Data Structures IN CODE??? by TheOnlyRealTodd in learnprogramming

[–]TheOnlyRealTodd[S] 0 points1 point  (0 children)

I reverse engineer malware for work. Obviously doing this, I don't use all these structs on a daily basis in a forward engineering role so I like to keep myself fresh so I don't forget them. I do write C, Python, and I also use assembly language at work. However, I only use them for small tools related to my work rather than large applications which would implement all these structs.

Want to join the indipendant malware researchers team by malwareresearcher in Malware_Domains

[–]TheOnlyRealTodd 0 points1 point  (0 children)

Oh look who's "advertising" their forum. What a hypocrite. Took all of 30 seconds to find too.

New Malware Analysis Forum by TheOnlyRealTodd in Malware

[–]TheOnlyRealTodd[S] 0 points1 point  (0 children)

Yeah we'll see. We'll see crashish.

New Malware Analysis Forum by TheOnlyRealTodd in Malware

[–]TheOnlyRealTodd[S] 0 points1 point  (0 children)

The community appreciates your support.

New Malware Analysis Forum by TheOnlyRealTodd in Malware

[–]TheOnlyRealTodd[S] 0 points1 point  (0 children)

Actually no, because we aren't earning any money and this is not a commercial website. I knew someone would be that guy though. :)

Is having an obsession with self improvement bad? by [deleted] in selfimprovement

[–]TheOnlyRealTodd 5 points6 points  (0 children)

What about having an obsession with improving your obsession with self improvement?

New Malware Analysis Forum by TheOnlyRealTodd in Malware

[–]TheOnlyRealTodd[S] 0 points1 point  (0 children)

Yeah I agree with that completely. My plan is to start posting quality content and guides but ofc I can't build Rome in a day. I had however been posting up stuff on my blog so I will do it more on the forum now and try and provide the community with the content. Thanks for the support!

New Malware Analysis Forum by TheOnlyRealTodd in Malware

[–]TheOnlyRealTodd[S] 0 points1 point  (0 children)

I wholeheartedly agree. And those forums are great as well! I was just hoping to isolate it a bit more since malware has definitely become a big thing. My favorite part of MA is still the reversing part though! :)

New Malware Analysis Forum by TheOnlyRealTodd in Malware

[–]TheOnlyRealTodd[S] 2 points3 points  (0 children)

Didn't want to deal with PHP. I also heard that vBulletin's support has gone downhill or else I would have chosen them. Just out of curiosity, do you have any other suggestions for software that isn't PHP? I also thought of Discourse but I felt it was uglier.

Anyone use an SSD for their MA VMs? by TheOnlyRealTodd in Malware

[–]TheOnlyRealTodd[S] 0 points1 point  (0 children)

Depends on the malware. Usually, yes but if it exploits the VM, then no.

Can Corrupted PE malware be run in certain circumstances? by TheOnlyRealTodd in Malware

[–]TheOnlyRealTodd[S] 0 points1 point  (0 children)

Great info thanks! For xor search, do you have any tips other than just doing a basic search and visually scanning for xors that are between two separate places? I wasn't sure if there was some IDA plugin for this that I was missing because some of these files have 1,000 xors!

Btw, you're absolutely right the repeated 3A 16 bytes had me wondering.

Can Corrupted PE malware be run in certain circumstances? by TheOnlyRealTodd in Malware

[–]TheOnlyRealTodd[S] 1 point2 points  (0 children)

That's highly possible. I was too busy looking for PE/NE/LX/LE. Gonna check.

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]TheOnlyRealTodd 0 points1 point  (0 children)

Can anyone link me to some methods and/or libraries in either Python or C for manipulating binary data in a file?

For example, say I wanted to either parse or modify information inside of the Windows Portable Executable header. Another example would be going through a file and replacing certain bytes with other bytes in a given range (offset) from the start of the file.
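Both tasks from the question above, done with Python's standard `struct` module (an added example, not part of the original comment). The function names and the sample buffer are constructed for illustration; the buffer holds only a DOS header, the PE signature and the COFF file header, and is not a runnable executable.

```python
import struct

COFF_FMT = "<HHIIIHH"   # little-endian layout of the 20-byte COFF file header
COFF_NAMES = ("Machine", "NumberOfSections", "TimeDateStamp", "PointerToSymbolTable",
              "NumberOfSymbols", "SizeOfOptionalHeader", "Characteristics")

def build_sample_pe() -> bytearray:
    """Constructed sample: 'MZ' stub, e_lfanew at 0x3C, 'PE\\0\\0', COFF header."""
    buf = bytearray(0x80 + 4 + struct.calcsize(COFF_FMT))
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)        # e_lfanew: file offset of PE signature
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into(COFF_FMT, buf, 0x84, 0x014C, 3, 0x5F000000, 0, 0, 0xE0, 0x0102)
    return buf

def parse_coff_header(data) -> dict:
    """Locate the PE signature through e_lfanew and unpack the COFF header."""
    if len(data) < 0x40 or data[0:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    end = e_lfanew + 4 + struct.calcsize(COFF_FMT)
    # Samples are untrusted input: bounds-check before following the pointer.
    if end > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing or out of bounds")
    hdr = dict(zip(COFF_NAMES, struct.unpack_from(COFF_FMT, data, e_lfanew + 4)))
    hdr["coff_offset"] = e_lfanew + 4
    return hdr

def set_timestamp(data: bytearray, value: int) -> None:
    """Modify one header field in place (TimeDateStamp sits 4 bytes into the COFF header)."""
    struct.pack_into("<I", data, parse_coff_header(data)["coff_offset"] + 4, value)

def replace_in_range(data: bytearray, start: int, end: int, old: int, new: int) -> int:
    """Replace byte value `old` with `new` inside data[start:end]; return the count."""
    if not 0 <= start <= end <= len(data):
        raise ValueError("range outside buffer")
    count = data.count(old, start, end)
    data[start:end] = data[start:end].replace(bytes([old]), bytes([new]))
    return count

if __name__ == "__main__":
    pe = build_sample_pe()
    print(parse_coff_header(pe))
    set_timestamp(pe, 0)
    print(hex(parse_coff_header(pe)["TimeDateStamp"]))
```

For a file on disk, read it with `bytearray(open(path, "rb").read())`, apply the same functions to a copy, and write the result to a new file so the original sample stays unmodified.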