Dump memory of process before it kills itself
May 21, 2023, 5:25 p.m. | /u/amjcyb
For [Blue|Purple] Teams in Cyber Defence www.reddit.com
I'm analyzing a malware sample that is calling a C2, sets persistence in the registry, injects into svchost.exe; this svchost calls a second C2 and terminates the process.
I guess the malware is injecting a second shellcode into svchost, but as the process kills itself I cannot dump it and do some forensics to see the shellcode.
Any ideas about what else I could do?
blueteamsec malware memory persistence process registry shellcode
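One way to capture the injected svchost.exe before it exits, as an added example that is not part of the original post: Windows has a built-in "Silent Process Exit" monitor that makes WerFault.exe write a memory dump whenever a process with a given image name exits, whether it calls ExitProcess itself or is terminated by another process, so no debugger has to be attached in time. The script below enables it from PowerShell on the analysis VM; the image name and dump folder are assumed placeholders, and it must run elevated.

```powershell
# Added example (not from the post): turn on Windows "Silent Process Exit" monitoring
# so that a full memory dump is written each time a process with this image name exits.
# Assumptions: run as Administrator inside the analysis VM; $ImageName and $DumpDir
# are placeholders to adjust for your own setup.
param(
    [string]$ImageName = 'svchost.exe',
    [string]$DumpDir   = 'C:\dumps'
)

$ifeo = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$ImageName"
$spe  = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\$ImageName"

New-Item -Path $DumpDir -ItemType Directory -Force | Out-Null
New-Item -Path $ifeo -Force | Out-Null
New-Item -Path $spe  -Force | Out-Null

# FLG_MONITOR_SILENT_PROCESS_EXIT (0x200) enables the feature for this image name.
Set-ItemProperty -Path $ifeo -Name GlobalFlag -Type DWord -Value 0x200

# ReportingMode 2 = write a local dump; DumpType 2 = full memory (MiniDumpWithFullMemory),
# which is what you want when the interesting bytes are injected shellcode, not just the image.
Set-ItemProperty -Path $spe -Name ReportingMode   -Type DWord  -Value 2
Set-ItemProperty -Path $spe -Name DumpType        -Type DWord  -Value 2
Set-ItemProperty -Path $spe -Name LocalDumpFolder -Type String -Value $DumpDir

# Call this once the dumps are collected to remove the monitoring keys again.
function Remove-SilentExitDump {
    Remove-Item -Path $ifeo -Recurse -Force -ErrorAction SilentlyContinue
    Remove-Item -Path $spe  -Recurse -Force -ErrorAction SilentlyContinue
}

Write-Host "Silent exit dumps for $ImageName will be written to $DumpDir"
```

Run it before detonating the sample, then open the resulting .dmp in WinDbg or a memory forensics tool and look for executable private memory that is not backed by a module. Two caveats: the key is per image name, so every svchost.exe instance that exits on the VM will produce a dump (keep the VM quiet and give the folder room), and the dump is written by Windows Error Reporting, so the WER service must not be disabled on that machine.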