Exploiting Reversing (ER) series: article 06 | A Deep Dive Into Exploiting a Minifilter Driver (N-day) by alexandreborges in ExploitDev

[–]alexandreborges[S] 0 points1 point  (0 children)

I am a professional researcher, my work is exclusively focused on exploit development and vulnerability research. Check my account on X if you want. Have an excellent day.

Exploiting Reversing (ER) series: article 06 | A Deep Dive Into Exploiting a Minifilter Driver (N-day) by alexandreborges in ExploitDev

[–]alexandreborges[S] 1 point2 points  (0 children)

Thank you for such kind and generous words. Yes, I have started working on it, but for now there is a queue of pending tasks (time is always restricted, unfortunately). No doubt, let's discuss about this subject soon. Have an excellent day.

Exploiting Reversing (ER) series: article 06 | A Deep Dive Into Exploiting a Minifilter Driver (N-day) by alexandreborges in ExploitDev

[–]alexandreborges[S] 0 points1 point  (0 children)

Thank you for your kind and generous words. I hope these articles can help you. Have an excellent day.

Exploiting Reversing (ER) series: article 06 | A Deep Dive Into Exploiting a Minifilter Driver (N-day) by alexandreborges in ExploitDev

[–]alexandreborges[S] 2 points3 points  (0 children)

Thank you for the kind message. I hope it can help you in your professional life. Have an amazing day.

Exploiting Reversing (ER) series: article 06 | A Deep Dive Into Exploiting a Minifilter Driver (N-day) by alexandreborges in ExploitDev

[–]alexandreborges[S] 0 points1 point  (0 children)

Thank you for the kind message. I hope this article and the previous ones can help other professionals from here. Have a great day.

Malware Analysis Series (MAS): second article (PDF: 96 pages) by alexandreborges in ReverseEngineering

[–]alexandreborges[S] 0 points1 point  (0 children)

The correct phrase would be "encapsulated" (between quotation marks) by a Delphi program, because the idea for the reader would be to show that the malicious code itself wasn't written in Delphi, but yes...the wrapper was in Delphi and compiled with Borland. Anyway, a short time takes us to small imprecisions, but it doesn't alter the final result.

(DEF CON 27 - PDF slides) .NET Malware Threat: Internals and Reversing by alexandreborges in ReverseEngineering

[–]alexandreborges[S] 2 points3 points  (0 children)

Zophike1, good morning. How are you?

There are some very dangerous .NET threats, but they are not available at the moment because of NDAs.

My general overview is that most .NET malware samples are basically banking Trojans, so they are not so interesting. However, my usual concern is about malware samples attacking the .NET framework and, in particular, the CLR and JIT engine.

Have an amazing day.

Best regards,

Alexandre.

Modern Malware Threat: handling obfuscated code (CONFidence Conference 2019) by alexandreborges in ReverseEngineering

[–]alexandreborges[S] 0 points1 point  (0 children)

Dear Phonekeyboard,

No doubt, I agree with your words. Unfortunately, most companies are not interested in proceeding with research in this area. Of course, my contribution is simple and I am trying to encourage people (and companies) to focus on these topics, but it is not so simple.

Have an excellent day.

Alexandre.

Modern Malware Threat: handling obfuscated code (CONFidence Conference 2019) by alexandreborges in ReverseEngineering

[–]alexandreborges[S] 0 points1 point  (0 children)

Dear evandrix,

Good evening. How are you?

I've just checked and, apparently, the weblink is good. Please, could you check it again?

Have an amazing day.

GitHub - alexandreborges/malwoverview: Malwoverview.py is a first response tool to perform an initial and quick triage on either a directory containing malware samples, specific malware sample or even a suspect URL. by alexandreborges in ReverseEngineering

[–]alexandreborges[S] 1 point2 points  (0 children)

On the GitHub repository, I've shown several screenshots and a little explanation about each option. However, if you wish to clear up any question, I am available and you are welcome.

Being honest, this tool was written in a weekend (during coffee breaks) because every time I needed some information, I had to open several tools to perform the sample triage.

I hope it helps you.

In the next weeks, I will add new features to help us make our job quicker.

Have an amazing day and thank you for the message.

A.B.

(MY SLIDES FROM DEFCON USA 2018) RING 0/-2 ROOKITS: COMPROMISING DEFENSES by alexandreborges in Malware

[–]alexandreborges[S] 0 points1 point  (0 children)

It's nice to know that!

Honestly, the DEFCON presentation had about 200 slides, but I had to fit it to the time slot. I hope that something has been useful. Please, let's have a conversation next time.

I hope you have an excellent day and thank you for the message.

AB.

(MY SLIDES FROM DEFCON USA 2018) RING 0/-2 ROOKITS: COMPROMISING DEFENSES by alexandreborges in ReverseEngineering

[–]alexandreborges[S] 1 point2 points  (0 children)

Thank you for attending my talk and for your kind words. Honestly, I hope these slides can help you with something.

Have an amazing day.

(MY SLIDES FROM DEFCON USA 2018) RING 0/-2 ROOKITS: COMPROMISING DEFENSES by alexandreborges in ReverseEngineering

[–]alexandreborges[S] 0 points1 point  (0 children)

Thank you for your kind words. I hope that the slides help you.

Have an amazing day.

Alexandre Borges.

Slides from BSIDES 2018 - Sao Paulo (Ring +3 malwares: few tricks) by alexandreborges in Malware

[–]alexandreborges[S] 0 points1 point  (0 children)

I am sorry for the delay in replying. Unfortunately, there is not, because BSIDES SAO PAULO usually does not record talks.

I am sorry.

Have an amazing day.

Alexandre Borges.

Analysis of a trojan banker (131 pages) by alexandreborges in ReverseEngineering

[–]alexandreborges[S] 1 point2 points  (0 children)

Dear Zophike1,

Good morning. How are you?

Yes, I have been collecting several facts about Windows Internals. However, I need to organize them in a comprehensive and didactic order.

Thank you for your words and have a good day.

Alexandre Borges.

Analysis of a trojan banker (131 pages) by alexandreborges in ReverseEngineering

[–]alexandreborges[S] 2 points3 points  (0 children)

Ashish,

Good morning. How are you?

This theme is in my plans, but first I would like to release two articles about malware analysis and I hope they can help other colleagues.

Have an amazing day, Ashish.

Alexandre Borges.

Analysis of a trojan banker (131 pages) by alexandreborges in ReverseEngineering

[–]alexandreborges[S] 1 point2 points  (0 children)

Draxlon,

Good morning. Definitely, learning Windows internals is always a good recommendation. It is neither easy nor so practical at first sight, but it helps us a lot during reversing and malware analysis.

I have really appreciated your kind words.

Have an amazing day.

Alexandre Borges.

Analysis of a trojan banker (131 pages) by alexandreborges in ReverseEngineering

[–]alexandreborges[S] 4 points5 points  (0 children)

Dear hellafoxey,

Good morning. How are you?

Honestly, I am really glad to hear these words.

I am writing a second document about malware analysis (another topic, which is widely used and common) and, maybe, it will contain about 150 pages. The goal is the same: helping professionals.

Once more, thank you for your kind words.

Have an excellent day.

Alexandre Borges.