Maldoc101 Writeup (Part 2)
Continuing the Maldoc101 malware analysis — decoding obfuscated VBA string concatenation to reveal WMI class references used for process execution.
Maldoc101 Writeup (Part 1)
Step-by-step maldoc analysis of the Maldoc101 challenge using oledump and olevba — deobfuscating VBA macros and tracing the WMI process execution chain.
Introducing shcode2exe
shcode2exe converts raw shellcode blobs or strings into debuggable executables targeting 32- or 64-bit Windows, with no Wine dependency when running on Linux.
CovidScammers writeup (Defcon RTV CTF)
Defcon RTV CTF writeup — reversing a Linux malware binary, bypassing ptrace anti-debugging, and recovering flags from shared memory and rootkit files.