Malware analysis: Gargoyle, a memory scanning evasion technique

Gargoyle is a memory analysis evasion technique that uses return-oriented programming (ROP) to hide all of a program’s executable code in non-executable memory while it is inactive, temporarily marking it executable to do some work at a pre-defined interval (every 15 seconds in the PoC).
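From the defender's side, the behaviour described above shows up as a memory region whose protection alternates between non-executable and executable on a regular schedule. The following is an added example, not code from the original post or from the Gargoyle PoC: it assumes a scanner that samples a process's region protections over time, and the snapshot format, addresses and function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data: (seconds since start, {region base: protection}).
# Region 0x1f0000 is modelled on the behaviour described above: non-executable
# while idle, briefly executable every 15 seconds. The other regions are stable.
SNAPSHOTS = [
    (0,  {0x1f0000: "RW", 0x400000: "RX", 0x7a0000: "RW"}),
    (15, {0x1f0000: "RX", 0x400000: "RX", 0x7a0000: "RW"}),
    (16, {0x1f0000: "RW", 0x400000: "RX", 0x7a0000: "RW"}),
    (30, {0x1f0000: "RX", 0x400000: "RX", 0x7a0000: "RW"}),
    (31, {0x1f0000: "RW", 0x400000: "RX", 0x7a0000: "RW"}),
    (45, {0x1f0000: "RX", 0x400000: "RX", 0x7a0000: "RW"}),
]


def is_executable(protection):
    """Protection strings here are a simplified, hypothetical R/W/X notation."""
    return "X" in protection


def find_flipping_regions(snapshots):
    """Return {base: [timestamps of non-exec -> exec transitions]} for every
    region that was observed in both the non-executable and executable state."""
    last_state = {}                    # base -> was it executable last sample?
    seen_states = defaultdict(set)     # base -> set of observed states
    transitions = defaultdict(list)    # base -> times it became executable
    for ts, regions in sorted(snapshots, key=lambda s: s[0]):
        for base, prot in regions.items():
            now_exec = is_executable(prot)
            seen_states[base].add(now_exec)
            if now_exec and last_state.get(base) is False:
                transitions[base].append(ts)
            last_state[base] = now_exec
    return {b: t for b, t in transitions.items()
            if seen_states[b] == {True, False}}


def wake_intervals(timestamps):
    """Gaps between successive executable windows; a constant gap is the tell."""
    return [later - earlier for earlier, later in zip(timestamps, timestamps[1:])]


if __name__ == "__main__":
    for base, times in find_flipping_regions(SNAPSHOTS).items():
        print(hex(base), "became executable at", times,
              "intervals", wake_intervals(times))
```

A sampling scanner only sees the executable state when a sample lands inside the short active window, so a single point-in-time scan of the idle process would show the region as ordinary non-executable data.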
