You may have heard about the shellshock bash vulnerability that allows remote code execution by setting a specially crafted environment variable before running bash. I investigated whether it was possible to place something in front of bash to attempt to detect and protect against a potential exploit.
All posts for the month September, 2014
It’s been about a year and a half since I wrote about a behavioural approach to automated unpacking, and I figured it was time to add some more functionality to unpack.py. This time, I’m going to look at malware decrypting/decompressing code from within itself, and at process hollowing, and see if we can capture the decrypted/decompressed/newly written memory. Let’s spruce unpack.py up a tad.