Dynamic analysis of malware with API Monitor

This blog post aims to show how you can dynamically analyse Windows malware using API Monitor. One of the great benefits is that you can take a look at each API call. You can even set a breakpoint on a call and edit its parameters before and its return value after the call. Custom malware: for learning purposes, we will write a basic Windows malware sample which will: check for the presence of a hardcoded registry key; if it is not present, execution is stopped....

December 17, 2023 · 6 min

PNG files: structure and steganography

In this article, we will have a quick overview of the PNG file structure and some steganography techniques used with it. PNG steganography is often used in CTFs, so I hope this article will be helpful :) PNG file structure. Chunks: a PNG is composed of chunks. Each chunk contains four parts: Length (4 bytes): indicates the number of bytes in the chunk's data field (excluding the length field itself, the chunk type and the CRC). Chunk type (4 bytes): indicates the chunk type, limited to ASCII letters. Chunk data (length depends on the chunk type): the size can be from 0 to (2^31)-1 bytes. CRC (4 bytes): calculated over the chunk type and data....

August 4, 2022 · 7 min