[SANS ISC] Jumping into Shellcode

I published the following diary on isc.sans.edu: “Jumping into Shellcode“:

Malware analysis is exciting because you never know what you will find. In previous diaries, I already explained why it’s important to have a look at groups of interesting Windows API call to detect some behaviors. The classic example is code injection. Usually, it is based on something like this:

1. You allocate some memory
2. You get a shellcode (downloaded, extracted from a specific location like a section, a resource, …)
3. You copy the shellcode in the newly allocated memory region
4. You create a new threat to execute it.

[Read more]

The post [SANS ISC] Jumping into Shellcode appeared first on /dev/random.

Article Link: https://blog.rootshell.be/2021/03/29/sans-isc-jumping-into-shellcode/