Activity Stream

  • WaxfordSqueers, May 29th, 2020, 13:08, replied to a thread ReverseMe in Off Topic
    Click the Spoiler button on my last post. It reveals a couple of links explaining exactly what it is. The first link gives a step by step solution to...
    6 replies | 55 view(s)
  • evaluator, May 29th, 2020, 08:09, replied to a thread ReverseMe in Off Topic
    I tried to 'imagine' the environment of this 'shellcode', but ESI & EDI are unknown. Well, we can think about EDI in the range of this code.. but nothings...
    6 replies | 55 view(s)
  • Kayaker, May 29th, 2020, 07:19, replied to a thread ReverseMe in Off Topic
    If you're protected you shouldn't be able to make a copy of that file (ctrl-c ctrl-v). Avast won't let me unless I do it in one of my 'excluded from...
    6 replies | 55 view(s)
  • blabberer, May 29th, 2020, 06:56, replied to a thread ReverseMe in Off Topic
    The file itself tells what it is:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00000000 58 35 4F 21 50 25 40 41 50 5B 34 5C 50...
    6 replies | 55 view(s)
  • Kayaker, May 28th, 2020, 18:55, replied to a thread ReverseMe in Off Topic
    I've been looking at the Windows Antimalware Scan Interface (AMSI) lately, and its relation to exploits particularly with PowerShell. ...
    6 replies | 55 view(s)
  • WaxfordSqueers, May 28th, 2020, 14:43, replied to a thread ReverseMe in Off Topic
    I started working through it with the assumption that first statement POP AX was 0000. Got about 10 steps down then decided to check 'and ax,...
    6 replies | 55 view(s)
  • Kayaker, May 28th, 2020, 10:56, started a thread ReverseMe in Off Topic
    This is well-known code. Harmless. What is it? Disassembly of File: reverseme.com Code Offset = 00000000, Code Size = 00000044 Data Offset =...
    6 replies | 55 view(s)
  • WaxfordSqueers, May 24th, 2020, 20:26
    @kayaker... procmon on the target did not react to the host machine running windbg in k-mode. I'll have to check out apimon or maybe logger.exe in...
    12 replies | 489 view(s)
  • WaxfordSqueers, May 24th, 2020, 20:24
    Thanks for the info, Blabbs, very helpful. Re symenumtypes, I got it from the Debug Help Library in dbghelp.chm. Maybe I am using the command...
    12 replies | 489 view(s)
  • blabberer, May 24th, 2020, 01:34
    I don't recall any command named synenumtype, so obviously it errs because s is the command for Searchmemory and it can't resolve ymen or symen as a...
    12 replies | 489 view(s)