Rootkits are tools and techniques used to hide malicious modules from being noticed by system monitoring.
Category: Malware Analysis
Recently I've published this post focused on hunting malware using Volatility and Yara rules.
Gargoyle is a memory analysis evasion technique that uses return-oriented programming (ROP) to hide all of a program's executable code in non-executable memory while it is inactive, and temporarily marks it executable to do some work at a pre-defined interval (every 15 seconds, in the PoC).
The malware detects virtualized environments by reading the infected machine's CPU temperature.
Dynamic and static malware analysis using many preconfigured environments.