Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-08-23Nullteilerfrei BlogLars Wallenborn
@online{wallenborn:20200823:programmatically:e6fd043, author = {Lars Wallenborn}, title = {{Programmatically NOP the Current Selection in Ghidra}}, date = {2020-08-23}, organization = {Nullteilerfrei Blog}, url = {https://blag.nullteilerfrei.de/2020/08/23/programmatically-nop-the-current-selection-in-ghidra/}, language = {English}, urldate = {2020-08-24} } Programmatically NOP the Current Selection in Ghidra
Zlob
2020-06-11Nullteilerfrei BlogLars Wallenborn
@online{wallenborn:20200611:api:495c8ab, author = {Lars Wallenborn}, title = {{API Hashing in the Zloader malware}}, date = {2020-06-11}, organization = {Nullteilerfrei Blog}, url = {https://blag.nullteilerfrei.de/2020/06/11/api-hashing-in-the-zloader-malware/}, language = {English}, urldate = {2020-08-18} } API Hashing in the Zloader malware
Zloader
2020-05-31Nullteilerfrei BlogLars Wallenborn
@online{wallenborn:20200531:string:53b78a9, author = {Lars Wallenborn}, title = {{String Obfuscation in the Hamweq IRC-bot}}, date = {2020-05-31}, organization = {Nullteilerfrei Blog}, url = {https://blag.nullteilerfrei.de/2020/05/31/string-obfuscation-in-the-hamweq-irc-bot/}, language = {English}, urldate = {2020-06-05} } String Obfuscation in the Hamweq IRC-bot
Hamweq
2020-05-24Nullteilerfrei BlogLars Wallenborn
@online{wallenborn:20200524:zloader:0ce15ba, author = {Lars Wallenborn}, title = {{Zloader String Obfuscation}}, date = {2020-05-24}, organization = {Nullteilerfrei Blog}, url = {https://blag.nullteilerfrei.de/2020/05/24/zloader-string-obfuscation/}, language = {English}, urldate = {2020-05-26} } Zloader String Obfuscation
Zloader
2020-04-26Nullteilerfrei BlogLars Wallenborn
@online{wallenborn:20200426:use:04235ea, author = {Lars Wallenborn}, title = {{use Ghidra to Decrypt Strings of KPOTstealer Malware}}, date = {2020-04-26}, organization = {Nullteilerfrei Blog}, url = {https://blag.nullteilerfrei.de/2020/04/26/use-ghidra-to-decrypt-strings-of-kpotstealer-malware/}, language = {English}, urldate = {2020-05-05} } use Ghidra to Decrypt Strings of KPOTstealer Malware
KPOT Stealer
2020-02-02Nullteilerfrei BlogLars Wallenborn
@online{wallenborn:20200202:defeating:95aa07e, author = {Lars Wallenborn}, title = {{Defeating Sodinokibi/REvil String-Obfuscation in Ghidra}}, date = {2020-02-02}, organization = {Nullteilerfrei Blog}, url = {https://blag.nullteilerfrei.de/2020/02/02/defeating-sodinokibi-revil-string-obfuscation-in-ghidra/}, language = {English}, urldate = {2020-02-09} } Defeating Sodinokibi/REvil String-Obfuscation in Ghidra
REvil
2019-11-09Lars Wallenborn
@online{wallenborn:20191109:apihashing:ec59534, author = {Lars Wallenborn}, title = {{API-Hashing in the Sodinokibi/Revil Ransomware - Why and How?}}, date = {2019-11-09}, url = {https://blag.nullteilerfrei.de/2019/11/09/api-hashing-why-and-how/}, language = {English}, urldate = {2019-12-18} } API-Hashing in the Sodinokibi/Revil Ransomware - Why and How?
REvil