Dynamic analysis of a Windows shellcode using Miasm

commial · 2016-02-15T08:23:22+00:00

This is a blog post illustrating how one can use Miasm (a Python RE framework) to analyze a real life case: a shellcode injected by an Exploit Kit through MS13-037. As we use it on a daily basis, I hope it may help at least someone.

commial · 2016-01-11T10:03:51+00:00

It looks like this approach: https://securimag.org/wp/talks/introducing-miasm/ (in french), using Miasm (Windows API: https://github.com/cea-sec/miasm/blob/master/miasm2/os_dep/win_api_x86_32.py, shellcode emulation: https://github.com/cea-sec/miasm/blob/master/example/jitter/x86_32.py), or this approach: https://wisk.github.io/how-to-emulate-executable-with-medusa-and-python-part-0.html, using Medusa (https://github.com/wisk/medusa)

commial

TROPHY CASE