Get a Pentest and security assessment of your IT network.

News

Disassembler and Runtime Analysis

Attacker modified a legitimate executable that is part of “Symantec Endpoint” The well-known IDA Pro disassembler has trouble displaying the modification as we will show later in this post. We will present a way to identify this kind of modification and the limitation in this approach. The last instruction to jump to the malicious code is in fact JMP (JMP) by patching the address of the end of the function (0xF6D3) by replacing the 0xF5D3 by 0xD7. We assume IDA uses the pdata section to retrieve the end and the beginning of the runtime functions.”]

Source: https://blog.talosintelligence.com/2017/10/disassembler-and-runtime-analysis.html

Related posts
News

Ashley Madison 2.0 Hackers Leak 20GB Data Dump, Including CEO's Emails

News

Art of Twitter account hacking

News

Take note, next week update Adobe Reader and Acrobat to fix critical flaws

News

Linux bug leaves 1.4 billion Android users vulnerable to hijacking attacks