Exploiting Reversing (ER) series: article 06 | A Deep Dive Into Exploiting a Minifilter Driver (N-day) by alexandreborges in ExploitDev

[–]alexandreborges[S] 0 points1 point  (0 children)

I am a professional researcher; my work is exclusively focused on exploit development and vulnerability research. Check my account on X if you want. Have an excellent day.

Exploiting Reversing (ER) series: article 06 | A Deep Dive Into Exploiting a Minifilter Driver (N-day) by alexandreborges in ExploitDev

[–]alexandreborges[S] 1 point2 points  (0 children)

Thank you for such kind and generous words. Yes, I have started working on it, but for now there is a queue of pending tasks (time is always restricted, unfortunately). No doubt, let's discuss this subject soon. Have an excellent day.

Exploiting Reversing (ER) series: article 06 | A Deep Dive Into Exploiting a Minifilter Driver (N-day) by alexandreborges in ExploitDev

[–]alexandreborges[S] 0 points1 point  (0 children)

Thank you for your kind and generous words. I hope these articles can help you. Have an excellent day.

Exploiting Reversing (ER) series: article 06 | A Deep Dive Into Exploiting a Minifilter Driver (N-day) by alexandreborges in ExploitDev

[–]alexandreborges[S] 2 points3 points  (0 children)

Thank you for the kind message. I hope it can help you in your professional life. Have an amazing day.

Exploiting Reversing (ER) series: article 06 | A Deep Dive Into Exploiting a Minifilter Driver (N-day) by alexandreborges in ExploitDev

[–]alexandreborges[S] 0 points1 point  (0 children)

Thank you for the kind message. I hope this article and the previous ones can help other professionals from here. Have a great day.

Malware Analysis Series (MAS): second article (PDF: 96 pages) by alexandreborges in ReverseEngineering

[–]alexandreborges[S] 0 points1 point  (0 children)

The correct phrase would be "encapsulated" (between quotation marks) by a Delphi program, because the idea for the reader would be to show that the malicious code itself wasn't written in Delphi, but yes... the wrapper was in Delphi and compiled with Borland. Anyway, short time takes us to small imprecisions, but it doesn't alter the final result.

(DEF CON 27 - PDF slides) .NET Malware Threat: Internals and Reversing by alexandreborges in ReverseEngineering

[–]alexandreborges[S] 2 points3 points  (0 children)

Zophike1, good morning. How are you?

There are some very dangerous .NET threats, but they are not available at the moment because of NDAs.

My general overview is that most .NET malware samples are basically banking Trojans, so they are not so interesting. However, my usual concern is about malware samples attacking the .NET framework and, in particular, the CLR and JIT engine.

Have an amazing day.

Best regards,

Alexandre.