This gist was built by the community of researchers and was written up by Kir and Igor from QIWI/Vulners. We are grateful for the help of all those who sent us data, links and information. Together we can make this world a better place!
diff --git a/src/sat/tactic/sat_tactic.cpp b/src/sat/tactic/sat_tactic.cpp | |
index 6775409..634d2dc 100644 | |
--- a/src/sat/tactic/sat_tactic.cpp | |
+++ b/src/sat/tactic/sat_tactic.cpp | |
@@ -65,6 +65,9 @@ class sat_tactic : public tactic { | |
CASSERT("sat_solver", m_solver.check_invariant()); | |
IF_VERBOSE(TACTIC_VERBOSITY_LVL, m_solver.display_status(verbose_stream());); | |
+ m_solver.display_dimacs(std::cout); | |
+ std::flush(std::cout); |
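Review bot: the two added lines dump the entire DIMACS clause set to std::cout unconditionally on every run of the tactic, whereas the status line immediately above is gated by IF_VERBOSE(TACTIC_VERBOSITY_LVL, ...) and written to verbose_stream(); any consumer of the solver's stdout (a pipe, a frontend parsing results) will get the CNF interleaved with its normal output. Gate the dump the same way, e.g. `IF_VERBOSE(TACTIC_VERBOSITY_LVL, m_solver.display_dimacs(verbose_stream()););`, or put it behind a dedicated parameter, and drop the separate `std::flush(std::cout);` once it no longer writes to std::cout.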
Date (month/day) | SHA256 | Family |
---|---|---|
5/1 | 0f391cb9897dfd4ad91c66a7b17f28df8c82d8ece937a411394a7bee27a6e330 | SmokeLoader |
5/2 | b1ac30b73b959603bb2c42f97bab6ca48f5a953a1fcb50bacb06f0eb5e2402c7 | SmokeLoader |
5/7 | 0aea25457447b35ef7bb9baa849be1a2c5a06f926d4387d9540040f34cc25851 | SmokeLoader |
5/8 | 0fd66826ca59b33c8f9d116c97a80e632cf87821fba6e9a3ea10321e757e41c2 | SmokeLoader |
5/10 | 0fd66826ca59b33c8f9d116c97a80e632cf87821fba6e9a3ea10321e757e41c2 | SmokeLoader |
radare2 internals (radare2 internal)
I want Timeless Debugging in r2 too (GSoC 2017). By mid-term: be able to read rr and qira logs and do TD. By the final: also develop a recorder as a debugger plugin.
- I was told to make dsb (debugger step back), but that is a single-step-back command. Should it step "over"? After calling a function and stepping back, should we land on the ret inside the function?
- How do we load a qira or rr tracing session? Pass it as a command-line option when r2 starts? When should it be loaded?
- Implementation idea for dsb: RDebug seems to hold the debuggee state at that moment, so restore it to the previous state. For dso, r_debug_step_over updates the debuggee state via ptrace(SINGLE_STEP). So for dsb, since registers including PC can be rewritten, moving control back by one instruction with ptrace is possible. What is needed, then, is the debug log: read that log and restore state backwards through ptrace.
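The following is an added model of the dsb idea in the notes above, not radare2 code: a toy CPU with CALL/RET runs a small program, every forward step appends a register snapshot to a debug log, and stepping back pops the log and writes the registers back (the part that ptrace(PTRACE_SETREGS) would do on a real debuggee). It also shows one answer to the "step over" question: dso records one log entry for the whole call, so dsb after dso lands before the call, while dsb after a sequence of ds steps lands on the ret inside the callee. The instruction set, register names and program are assumptions made for the illustration.

```python
"""Added example (not radare2's code): a toy debuggee with a debug log that
supports step-into, step-over and step-back.  Assumed instruction set: nop,
call <addr>, ret, halt; assumed registers: pc plus a return-address stack."""
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed program: list index = address.
PROGRAM: List[Tuple] = [
    ("nop",),       # 0
    ("call", 4),    # 1  -> callee at 4
    ("nop",),       # 2  return address
    ("halt",),      # 3
    ("nop",),       # 4  callee body
    ("nop",),       # 5
    ("ret",),       # 6
]


@dataclass
class Regs:
    pc: int = 0
    sp: List[int] = field(default_factory=list)  # return-address stack (the only "memory" in the model)

    def copy(self) -> "Regs":
        return Regs(self.pc, list(self.sp))


@dataclass
class Debuggee:
    regs: Regs = field(default_factory=Regs)
    log: List[Regs] = field(default_factory=list)  # debug log: one snapshot per recorded step

    def _execute_one(self) -> None:
        """Execute the instruction at pc (what ptrace(SINGLE_STEP) does for a real target)."""
        op = PROGRAM[self.regs.pc]
        if op[0] == "call":
            self.regs.sp.append(self.regs.pc + 1)
            self.regs.pc = op[1]
        elif op[0] == "ret":
            self.regs.pc = self.regs.sp.pop()
        elif op[0] == "halt":
            pass
        else:
            self.regs.pc += 1

    def step_into(self) -> int:
        """ds: snapshot the state, then execute exactly one instruction."""
        self.log.append(self.regs.copy())
        self._execute_one()
        return self.regs.pc

    def step_over(self) -> int:
        """dso: one log entry for the whole call, so a later dsb lands before the call."""
        self.log.append(self.regs.copy())
        depth = len(self.regs.sp)
        self._execute_one()
        while len(self.regs.sp) > depth:  # if we entered a call, run until it returns
            self._execute_one()
        return self.regs.pc

    def step_back(self) -> int:
        """dsb: restore the most recent snapshot (PTRACE_SETREGS on a real debuggee)."""
        if not self.log:
            raise RuntimeError("debug log is empty: nothing to step back to")
        self.regs = self.log.pop()
        return self.regs.pc
```

With a real target the log would be filled by the recorder plugin (or read from an rr/qira session) instead of being captured on each step, but the restore side is the same: pop the last snapshot and write it into the debuggee.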
2018年度(平成30年度)税制改正について.doc ("On the FY2018 (Heisei 30) tax reform.doc")
- SHA256: 5504e04083d6146a67cb0d671d8ad5885315062c9ee08a62e40e264c2d5eab91
- Hybrid Analysis: https://www.hybrid-analysis.com/sample/5504e04083d6146a67cb0d671d8ad5885315062c9ee08a62e40e264c2d5eab91
- Uses Certutil.exe to decode a payload
Decoded payload (AYRUNSC.EXE)
- SHA256: 5af8de30b8c00d09be950e1c372ee94a1b416124151afcaf997ad41d7992cf71
- Hybrid Analysis: https://www.hybrid-analysis.com/sample/5af8de30b8c00d09be950e1c372ee94a1b416124151afcaf997ad41d7992cf71
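The following is an added triage helper for the certutil.exe decode technique noted above; it is not from the note or from the Hybrid Analysis reports. It flags certutil command lines that use decode or download switches, and reproduces the decode step offline (certutil -decode accepts base64 with or without PEM header and footer lines) so the dropped PE can be recovered from the blob without running certutil. The sample blob, the command lines, the file paths and the switch list are constructed assumptions for the illustration.

```python
"""Added example, not from the page: detect 'certutil -decode'-style command
lines and reproduce the decode offline.  Sample data below is constructed."""
import base64
import re

# Switches that turn certutil into a decoder/downloader (assumed list for the example).
SUSPICIOUS_SWITCHES = frozenset({"decode", "decodehex", "urlcache", "encode", "verifyctl"})

_PEM_LINE = re.compile(r"^-----(BEGIN|END) [A-Z ]+-----$")


def suspicious_certutil(cmdline: str) -> bool:
    """True if the command line runs certutil with a decode/download switch (-x or /x form)."""
    tokens = cmdline.replace('"', "").lower().split()
    if not tokens:
        return False
    exe = tokens[0].rsplit("\\", 1)[-1]
    if exe not in ("certutil", "certutil.exe"):
        return False
    flags = {t[1:] for t in tokens[1:] if t[:1] in "-/"}
    return bool(flags & SUSPICIOUS_SWITCHES)


def certutil_decode(blob: str) -> bytes:
    """Mimic 'certutil -decode': drop PEM header/footer lines and whitespace, base64-decode the rest."""
    body = "".join(line.strip() for line in blob.splitlines() if not _PEM_LINE.match(line.strip()))
    return base64.b64decode(body, validate=True)


def is_pe(data: bytes) -> bool:
    """Cheap PE check: 'MZ' magic and e_lfanew pointing at the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


# Constructed stand-in for a dropped executable: DOS header with e_lfanew = 0x40, then the PE signature.
FAKE_PE = b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00" + b"\x00" * 16

# Constructed blob as a dropper would write it to disk before calling certutil.
SAMPLE_BLOB = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(FAKE_PE).decode()
    + "-----END CERTIFICATE-----\n"
)

# Constructed process command lines (the paths are assumptions).
SAMPLE_CMDLINES = [
    "certutil.exe -decode C:\\Users\\Public\\x.txt C:\\Users\\Public\\AYRUNSC.EXE",
    "C:\\Windows\\System32\\certutil.exe -urlcache -split -f http://example.invalid/a.txt a.txt",
    "certutil.exe -store Root",
]


def triage() -> dict:
    """Run both checks over the constructed samples."""
    return {
        "flagged": [c for c in SAMPLE_CMDLINES if suspicious_certutil(c)],
        "payload_is_pe": is_pe(certutil_decode(SAMPLE_BLOB)),
    }


if __name__ == "__main__":
    print(triage())
```

The command-line check is deliberately loose on the switch prefix because certutil accepts both `-decode` and `/decode`; a detection that only matches one spelling is trivially evaded.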
# (c) Tim Blazytko 2021
# implementation based on the blog post "Automated Detection of Control-flow Flattening"
# https://synthesis.to/2021/03/03/flattening_detection.html
import sys
from miasm.analysis.binary import Container
from miasm.analysis.machine import Machine
from miasm.core.locationdb import LocationDB
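The following is an added example, not Tim Blazytko's script and not miasm code: the flattening score from the linked blog post, computed over constructed CFGs so it runs without a lifted binary. As I understand the heuristic, every basic block that is a loop header (some block it dominates has an edge back to it) is scored by the fraction of all blocks it dominates, and the function's score is the maximum; a flattened function has a dispatcher loop that dominates nearly everything, so the score approaches 1.0. The dominator computation, the 0.9 threshold and the sample CFGs are my assumptions for the illustration.

```python
"""Added example (not from the page or the linked script): control-flow
flattening score over plain dict CFGs.  cfg maps block -> list of successor
blocks; 'entry' is the function entry.  Sample CFGs are constructed."""
from typing import Dict, List, Set, Tuple


def _nodes_and_preds(cfg: Dict[str, List[str]]) -> Tuple[Set[str], Dict[str, Set[str]]]:
    nodes = set(cfg)
    for succs in cfg.values():
        nodes.update(succs)
    preds: Dict[str, Set[str]] = {n: set() for n in nodes}
    for n, succs in cfg.items():
        for s in succs:
            preds[s].add(n)
    return nodes, preds


def dominators(cfg: Dict[str, List[str]], entry: str) -> Dict[str, Set[str]]:
    """Iterative dataflow: Dom(n) = {n} | intersection of Dom(p) over predecessors p."""
    nodes, preds = _nodes_and_preds(cfg)
    dom = {n: set(nodes) for n in nodes}
    dom[entry] = {entry}
    changed = True
    while changed:
        changed = False
        for n in nodes - {entry}:
            inter = set(nodes)
            for p in preds[n]:
                inter &= dom[p]
            new = {n} | inter
            if new != dom[n]:
                dom[n] = new
                changed = True
    return dom


def flattening_score(cfg: Dict[str, List[str]], entry: str) -> float:
    """Max over loop headers b of |blocks dominated by b| / |blocks|."""
    nodes, preds = _nodes_and_preds(cfg)
    dom = dominators(cfg, entry)
    score = 0.0
    for b in nodes:
        dominated = {x for x in nodes if b in dom[x]}  # b's subtree in the dominator tree
        if not (dominated & preds[b]):                 # no back edge into b: not a loop header
            continue
        score = max(score, len(dominated) / len(nodes))
    return score


def is_flattened(cfg: Dict[str, List[str]], entry: str, threshold: float = 0.9) -> bool:
    return flattening_score(cfg, entry) >= threshold


# Constructed flattened function: dispatcher 'disp' selects one of 8 state blocks,
# seven of which jump back to the dispatcher and one of which exits.
FLATTENED_CFG: Dict[str, List[str]] = {
    "entry": ["disp"],
    "disp": [f"s{i}" for i in range(1, 9)],
    **{f"s{i}": ["disp"] for i in range(1, 8)},
    "s8": ["exit"],
}

# Constructed ordinary function with one small loop.
LOOP_CFG: Dict[str, List[str]] = {
    "entry": ["p"], "p": ["l"], "l": ["l1"], "l1": ["l", "q"], "q": ["r"], "r": ["x"],
}

# Constructed loop-free function (if/else diamond).
STRAIGHT_CFG: Dict[str, List[str]] = {"entry": ["a"], "a": ["b", "c"], "b": ["x"], "c": ["x"]}


if __name__ == "__main__":
    for name, cfg in (("flattened", FLATTENED_CFG), ("loop", LOOP_CFG), ("straight", STRAIGHT_CFG)):
        print(name, round(flattening_score(cfg, "entry"), 3), is_flattened(cfg, "entry"))
```

The back-edge condition matters: without it the entry block dominates every block and every function would score 1.0. Note that a large natural loop also scores high (the loop body is dominated by its header), which is why the score is a heuristic to rank functions, not a proof of obfuscation.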