Cybersecurity researchers Ran Dubin and Ariel Koren have developed a new platform for malware analysis, based on an AI engine.
Microsoft provides Shims to developers mainly for backward compatibility, but malware can take advantage of shims to target an executable for both persistence and injection.
Rootkits are tools and techniques used to hide malicious modules from being noticed by system monitoring.
Recently I’ve published this post focused on hunting malware using Volatility and Yara rules.
Gargoyle is a memory analysis evasion technique that uses return-oriented programming (ROP) to hide all of a program’s executable code in non-executable memory while it is inactive, temporarily marking it executable to do some work at a pre-defined interval (every 15 seconds, in the PoC).