WinAppDbg script to automate malware unpacking.

Detects certain unpacking behaviour (but not all)
Determines original entry point
Determines jump point to original entry point
Dumps unpacked code to a file
Attempts to find unpacking loop
Dumps memory decrypted by CryptDecrypt()
Dumps memory decompressed by RtlDecompressBuffer()
Attempts to detect process hollowing
Dumps injected memory blocks to a file
Dumps decrypted network traffic
More information
Automated Unpacking: A Behaviour Based Approach
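As an added example (my code, not the unpacker script described above), here is the mechanism behind the "Dumps memory decrypted by CryptDecrypt()" item written as a WinAppDbg API hook. CryptDecrypt() decrypts in place, so the pbData/pdwDataLen pointers are captured on entry and only dereferenced after the call returns, when *pdwDataLen holds the plaintext length. The dumper logic is separated from the WinAppDbg wiring so it can be exercised offline with constructed memory; the class names, output file naming and the fake-memory demo are all assumptions of mine, not anything from the project.

```python
"""Added example: dumping the buffer a sample decrypts with CryptDecrypt().
Class names, file naming and the demo() memory layout are my assumptions."""
import os
import struct
import tempfile


class CryptDecryptDumper(object):
    """Pairs each CryptDecrypt() entry with its return and dumps the plaintext.

    CryptDecrypt(hKey, hHash, Final, dwFlags, pbData, pdwDataLen) decrypts
    in place: on return pbData holds the plaintext and *pdwDataLen its length
    (shorter than the ciphertext once padding is removed), so the pointers are
    recorded on entry and dereferenced only after the call.
    """

    def __init__(self, out_dir):
        self.out_dir = out_dir
        self.pending = {}  # thread id -> (pbData, pdwDataLen) of the call in flight
        self.count = 0

    def on_call(self, tid, hKey, hHash, Final, dwFlags, pbData, pdwDataLen):
        self.pending[tid] = (pbData, pdwDataLen)

    def on_return(self, tid, retval, read_mem):
        """read_mem(addr, size) -> bytes reads debuggee memory.
        Returns (path, data) when a buffer was dumped, else None."""
        ptrs = self.pending.pop(tid, None)
        if ptrs is None or not retval:
            return None  # unmatched return, or CryptDecrypt() returned FALSE
        pbData, pdwDataLen = ptrs
        length = struct.unpack('<I', read_mem(pdwDataLen, 4))[0]  # DWORD
        if length == 0:
            return None
        data = read_mem(pbData, length)
        self.count += 1
        path = os.path.join(self.out_dir, 'cryptdecrypt_%03d_tid%d_%#x.bin'
                            % (self.count, tid, pbData))
        with open(path, 'wb') as f:
            f.write(data)
        return path, data


try:  # WinAppDbg is Windows-only; the dumper above is testable without it
    from winappdbg import Debug, EventHandler
except ImportError:
    Debug = EventHandler = None

if EventHandler is not None:
    class CryptDecryptHook(EventHandler):
        # advapi32!CryptDecrypt takes 6 stack parameters (x86 stdcall)
        apiHooks = {'advapi32.dll': [('CryptDecrypt', 6)]}

        def __init__(self, out_dir):
            EventHandler.__init__(self)
            self.dumper = CryptDecryptDumper(out_dir)

        def pre_CryptDecrypt(self, event, ra, hKey, hHash, Final, dwFlags,
                             pbData, pdwDataLen):
            self.dumper.on_call(event.get_tid(), hKey, hHash, Final, dwFlags,
                                pbData, pdwDataLen)

        def post_CryptDecrypt(self, event, retval):
            process = event.get_process()
            result = self.dumper.on_return(event.get_tid(), retval, process.read)
            if result is not None:
                print('dumped %d decrypted bytes to %s' % (len(result[1]), result[0]))

    def run_sample(argv, out_dir):
        """Run the sample under the debugger, dumping every CryptDecrypt() result."""
        with Debug(CryptDecryptHook(out_dir), bKillOnExit=True) as debug:
            debug.execv(argv)
            debug.loop()


def demo():
    """Offline check with constructed memory: a 16-byte ciphertext buffer whose
    first 8 bytes are the plaintext; the 'call' shrinks *pdwDataLen to 8."""
    base = 0x00400000
    memory = bytearray(0x200)
    plaintext = b'MZ\x90\x00\x03\x00\x00\x00'        # constructed "unpacked" bytes
    memory[0:16] = plaintext + b'\x08' * 8            # plaintext + stripped padding
    memory[0x100:0x104] = struct.pack('<I', 8)       # *pdwDataLen after the call

    def read_mem(addr, size):
        off = addr - base
        return bytes(memory[off:off + size])

    dumper = CryptDecryptDumper(tempfile.mkdtemp())
    tid = 1234
    dumper.on_call(tid, 0x1, 0x0, 1, 0, base, base + 0x100)
    path, data = dumper.on_return(tid, 1, read_mem)
    return data


if __name__ == '__main__':
    print(demo())
```

Two behaviours worth keeping in mind when reusing this: a return without a matching entry (the hook attached mid-call) and a FALSE return are both ignored rather than dumping stale ciphertext, and only *pdwDataLen bytes are written, so the padding that CryptDecrypt() strips on the final block never ends up in the dump.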

Beyond Automated Unpacking: Extracting Decrypted/Decompressed Memory Blocks

File hashes
I’m testing a mechanism for verifying the integrity of my code downloaded from GitHub by storing the file hashes in my DNS zone. This has the advantage of preventing (or lessening the chance of) an attacker being able to modify the code and also modify the corresponding hashes.





To get the SHA256 hash for the zip download file (I’m only doing the zip downloads at the moment, because I have to enter all of this information manually), issue a DNS request for the TXT record

For instance, to obtain the SHA256 hash for, issue a DNS TXT record request for
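The check described above, as an added example (my code, not the project's): hash the downloaded zip locally, fetch the TXT record, and compare. The page does not show the record name or the exact text format, so these are assumptions: the TXT value is taken to be the bare lowercase hex SHA256 digest, which a resolver may hand back split into several character-strings, and whatever record name the zone uses is passed in by the caller. Only fetch_txt() touches the network; everything else runs offline on constructed data.

```python
"""Added example: verifying a downloaded zip against a SHA256 published in DNS.
Record name and TXT text format are assumptions (the page does not show them)."""
import hashlib
import hmac
import os
import re
import tempfile

HEX64 = re.compile(r'^[0-9a-f]{64}$')


def parse_txt_digest(txt_strings):
    """Join the character-strings of one TXT rdata into a hex digest.
    A TXT rdata is a sequence of <=255-byte strings, so the value may arrive
    split; join them, tolerate quotes/whitespace, and reject anything that is
    not exactly 64 hex characters (a prefix or trailing text is a mismatch)."""
    parts = []
    for s in txt_strings:
        if isinstance(s, bytes):
            s = s.decode('ascii', 'replace')
        parts.append(s.strip().strip('"'))
    digest = ''.join(parts).lower()
    return digest if HEX64.match(digest) else None


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, 'rb') as f:
        for chunk in iter(lambda: f.read(1 << 16), b''):
            h.update(chunk)
    return h.hexdigest()


def verify_zip(zip_path, txt_records):
    """txt_records: list of TXT rdatas, each a list of strings, as a resolver
    returns them. Accept if any well-formed record matches; an absent or
    malformed record is a failure, never a pass."""
    actual = sha256_file(zip_path)
    ok = False
    for strings in txt_records:
        expected = parse_txt_digest(strings)
        if expected is not None and hmac.compare_digest(expected, actual):
            ok = True  # keep looping so the work done does not depend on a match
    return ok


def fetch_txt(name):
    """Live lookup with dnspython (pip install dnspython); returns rdatas in
    the shape verify_zip() expects. Assumed record name, e.g. a label the zone
    owner chose for this archive."""
    import dns.resolver
    return [list(rdata.strings) for rdata in dns.resolver.resolve(name, 'TXT')]


def demo():
    """Constructed data: a fake download and the TXT record publishing its hash.
    Returns (verdict for the intact file, verdict after tampering)."""
    data = b'PK\x03\x04' + b'constructed zip payload ' * 40
    published = hashlib.sha256(data).hexdigest()
    fd, path = tempfile.mkstemp(suffix='.zip')
    with os.fdopen(fd, 'wb') as f:
        f.write(data)
    # The resolver may split the 64-char value; the parser joins it back.
    good = verify_zip(path, [[published[:32], published[32:]]])
    with open(path, 'ab') as f:
        f.write(b'\x00')  # archive modified after the record was published
    bad = verify_zip(path, [[published]])
    os.remove(path)
    return good, bad


if __name__ == '__main__':
    print(demo())
```

To use it against a real download: `verify_zip('unpacker.zip', fetch_txt('<record name for that zip>'))`, with the record name taken from the project's own instructions, since it is not reproduced here. Note that this only raises the bar for an attacker who controls the GitHub side; it does nothing against one who can also answer the DNS query, so a DNSSEC-validating resolver (or at least not trusting the first answer blindly) is the natural companion to the check.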





