janestebans.hashnode.dev

Reversing an .HTA File - 1
We have recently received a URL inside of an email that redirected to a page that downloaded a zip file. Inside this zip file there was a .HTA file. 💡 This file is very simple and is a very good entry point to reversing for anyone interested in lea...
Nov 16, 2023 · 6 min read
Basic Windows AV Bypass - Part 5 - Embed and Execute the Shellcode
Now we can finally start coding our trojan. The malware we are going to use for testing is a reverse TCP shell from Metasploit. Before coding the shellcode loader, let's see if AVs can detect the reverse shell executable. To generate the reverse TCP ...
Jun 16, 2023 · 6 min read

Basic Windows AV Bypass - Part 4 - Malware Format
Now that we have the development and testing environments set up we can start designing and implementing our trojan. The first question to answer is how we will store the piece of malware inside of our trojan. There are two options: Shellcoded hardco...
Jun 16, 2023 · 4 min read

Basic Windows AV Bypass - Part 3 - Preparing the testing and development environments
Before starting, we need to set up the testing environment and the development environment. The Static Analysis will be tested with an online service that allows running a file through 27 different AVs. The most known service is called VirusTotal, ho...
Jun 15, 2023 · 4 min read

Basic Windows AV Bypass - Part 2 - AVs and EDRs
An AV (Anti Virus) is a piece of software that analyses files and monitors the OS (Operating System) status to detect malware. AVs can also analyze the machine's traffic to determine suspicious behaviour. AVs only work in the machine they are install...
Jun 15, 2023 · 6 min read