
BidouilleSecurity

Tag Archives: obfuscation

Reversing a shellcode with import by hash

Posted on 14 May 2021 by Jeremy

A few days back a fellow Reddit user asked if a PowerShell command he found was malicious … I checked, and here is the result! (spoiler alert: of course it was)

Posted in malware, Reverse | Tagged obfuscation, powershell, reverse

Windows PEB parsing – A binary with no imports

Posted on 27 February 2021 by Jeremy

We're going to see how a program can parse the PEB to recover the base address of kernel32.dll, and from there load any other library. Not a single import is needed!


Posted in Reverse, Tutorial | Tagged experiment, obfuscation, programming, tutorial
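The two techniques behind the posts above, import by hash and PEB parsing, fit together in one piece of code, so here is an added example written for this archive page. It is not code from either post and not the author's own implementation. It walks the PEB (x64 offsets, `__readgsqword` from MSVC/MinGW, so the PEB part only builds on x64 Windows) to find kernel32.dll, then resolves exports by hashing their names instead of importing them. The ROR13 hash is an assumption: the hash used by the PowerShell sample the first post analyses is not reproduced on this page. `build_fake_image` constructs a small PE32+ image in memory so the export walk can be exercised on any OS; it includes a forwarded export to show the caveat that a resolved RVA pointing back into the export directory is a forwarder string, not code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(_WIN64)
#include <intrin.h>   /* __readgsqword on MSVC and MinGW; assumption: x64 Windows build */
#endif

/* Unaligned little-endian accessors. Offsets below mirror winnt.h, so no Windows headers are needed. */
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static uint16_t rd16(const uint8_t *p) { uint16_t v; memcpy(&v, p, 2); return v; }
static void wr32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
static void wr16(uint8_t *p, uint16_t v) { memcpy(p, &v, 2); }

/* ROR13 name hash, a common shellcode choice (assumption: the analysed sample's own hash is not on this page). */
static uint32_t ror13_hash(const char *s) {
    uint32_t h = 0;
    for (; *s; s++) h = ((h >> 13) | (h << 19)) + (uint8_t)*s;
    return h;
}

/* Walk the export directory of a mapped PE image (PE32 or PE32+) and return the address of the
 * export whose name hashes to `want`; NULL if absent or if the entry is a forwarder. */
static const void *find_export_by_hash(const uint8_t *base, uint32_t want) {
    if (rd16(base) != 0x5A4D) return NULL;                          /* "MZ" */
    const uint8_t *nt = base + rd32(base + 0x3C);                   /* e_lfanew */
    if (rd32(nt) != 0x00004550) return NULL;                        /* "PE\0\0" */
    const uint8_t *opt = nt + 0x18;                                 /* IMAGE_OPTIONAL_HEADER */
    const uint8_t *dir = opt + (rd16(opt) == 0x20B ? 0x70 : 0x60);  /* DataDirectory[EXPORT] */
    uint32_t exp_rva = rd32(dir), exp_size = rd32(dir + 4);
    if (!exp_rva) return NULL;
    const uint8_t *ed = base + exp_rva;                             /* IMAGE_EXPORT_DIRECTORY */
    const uint8_t *funcs = base + rd32(ed + 0x1C), *names = base + rd32(ed + 0x20), *ords = base + rd32(ed + 0x24);
    for (uint32_t i = 0, n = rd32(ed + 0x18); i < n; i++) {         /* n = NumberOfNames */
        if (ror13_hash((const char *)(base + rd32(names + 4 * i))) != want) continue;
        uint32_t rva = rd32(funcs + 4 * rd16(ords + 2 * i));       /* the ordinal selects the function slot */
        /* An RVA inside the export directory is a forwarder string ("NTDLL.RtlXxx"), not code. */
        if (rva >= exp_rva && rva < exp_rva + exp_size) return NULL;
        return base + rva;
    }
    return NULL;
}

#if defined(_WIN64)
/* Case-insensitive compare of a UTF-16 BaseDllName (n code units) against an ASCII name. */
static int wide_ieq(const uint16_t *w, size_t n, const char *s) {
    for (size_t i = 0; i < n; i++) {
        uint16_t c = w[i]; if (c >= 'A' && c <= 'Z') c += 32;
        uint8_t d = (uint8_t)s[i]; if (d >= 'A' && d <= 'Z') d += 32;
        if (!d || c != d) return 0;
    }
    return s[n] == '\0';
}
#endif

/* PEB -> Ldr -> InMemoryOrderModuleList -> LDR_DATA_TABLE_ENTRY.DllBase, using x64 offsets. */
static const uint8_t *find_kernel32_via_peb(void) {
#if defined(_WIN64)
    const uint8_t *peb = (const uint8_t *)__readgsqword(0x60);
    const uint8_t *ldr = *(const uint8_t *const *)(peb + 0x18), *head = ldr + 0x20;
    for (const uint8_t *e = *(const uint8_t *const *)head; e != head; e = *(const uint8_t *const *)e) {
        const uint8_t *entry = e - 0x10;                            /* the link sits at +0x10 of the entry */
        uint16_t n = rd16(entry + 0x58) / 2;                        /* BaseDllName.Length is in bytes */
        const uint16_t *name = *(const uint16_t *const *)(entry + 0x60); /* BaseDllName.Buffer */
        if (wide_ieq(name, n, "kernel32.dll")) return *(const uint8_t *const *)(entry + 0x30);
    }
#endif
    return NULL;
}

/* Constructed PE32+ image with four named exports so the export walk can run on any OS. Names are
 * sorted as a linker emits them, the ordinal table is deliberately non-identity, one entry forwards. */
#define FAKE_IMAGE_SIZE 0x800
static uint8_t g_fake_image[FAKE_IMAGE_SIZE];
static const uint8_t *build_fake_image(void) {
    static const char *names[4] = { "GetProcAddress", "LoadLibraryA", "VirtualAlloc", "ZwForwarded" };
    static const uint16_t ords[4] = { 1, 0, 2, 3 };                 /* name i -> function slot */
    static const uint32_t funcs[4] = { 0x400, 0x500, 0x600, 0x2F0 }; /* slot 3 points into the export dir */
    uint8_t *img = g_fake_image, *ed = img + 0x200;
    memset(img, 0, FAKE_IMAGE_SIZE);
    wr16(img, 0x5A4D); wr32(img + 0x3C, 0x40); wr32(img + 0x40, 0x00004550);
    wr16(img + 0x58, 0x20B);                                        /* optional header magic: PE32+ */
    wr32(img + 0x58 + 0x70, 0x200); wr32(img + 0x58 + 0x74, 0x100); /* export dir RVA and size */
    wr32(ed + 0x14, 4); wr32(ed + 0x18, 4);                         /* NumberOfFunctions, NumberOfNames */
    wr32(ed + 0x1C, 0x240); wr32(ed + 0x20, 0x250); wr32(ed + 0x24, 0x260);
    strcpy((char *)img + 0x2F0, "NTDLL.ZwX");                       /* forwarder string */
    for (uint32_t i = 0, name_rva = 0x270; i < 4; i++) {
        wr32(img + 0x240 + 4 * i, funcs[i]); wr32(img + 0x250 + 4 * i, name_rva); wr16(img + 0x260 + 2 * i, ords[i]);
        strcpy((char *)img + name_rva, names[i]);
        name_rva += (uint32_t)strlen(names[i]) + 1;
    }
    return img;
}

typedef void *(*LoadLibraryA_t)(const char *);
int main(void) {
    const uint8_t *k32 = find_kernel32_via_peb();
    if (!k32) { puts("PEB walk needs x64 Windows; the export walk self-test still runs"); return 0; }
    const void *p = find_export_by_hash(k32, ror13_hash("LoadLibraryA"));
    void *user32 = p ? ((LoadLibraryA_t)(uintptr_t)p)("user32.dll") : NULL;
    printf("kernel32 %p  LoadLibraryA %p  user32 %p\n", (const void *)k32, p, user32);
    return 0;
}
```

On x64 Windows, `main` finds kernel32 through the PEB, resolves `LoadLibraryA` by hash and uses it to load user32.dll with no import table entry at all. A real shellcode hardcodes the hash constants rather than calling `ror13_hash` at run time; when reversing one, recompute the hash over every export name of the likely modules and match it against the constants to recover the API names. The two checks worth keeping from this example are the forwarder test (kernel32 forwards several exports to ntdll) and the case-insensitive module name compare, since `BaseDllName` may read `KERNEL32.DLL`.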


Socials

  • Mail: jeremy {at} bidouillesecurity.com
  • Github