Gray-Box Poisoning of Continuous Malware Ingestion Pipelines
Modern malware detection pipelines rely on continuous data ingestion and machine learning to counter the high volume of novel threats. This work investigates a realistic gray-box poisoning threat model targeting these pipelines. Using the secmlmalware framework, we generate problem-space...
EUVD-2005-0141
Malware in sbrugna...
EUVD-2005-0116
Malware in sbrugna...
laZzzy - Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques
laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features: direct syscalls and native Nt functions (not all functions, but most); Import Address Table (IAT) evasion; Encrypte...
Huan - Encrypted PE Loader Generator
Huan is an encrypted PE loader generator that I developed for learning the PE file structure and PE loading process. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently, it works on 64-bit PE files. How does it work? First, Huan...
Amber - POC Reflective PE Packer
Amber is a proof-of-concept packer: it can pack regularly compiled PE files into reflective PE files that can be used as multi-stage infection payloads. If you want to learn the packing methodology used inside Amber, check out below. PS: This is not a complete tool; some things may break, so tak...
CVE-2005-0140
Buffer overflow in PeID allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name...
CVE-2005-0140
CVE-2005-0140 affects PeID: a buffer overflow in the Import Address Table when processing a PE file with a long import library name can allow arbitrary code execution. Documents consistently describe this as a buffer overflow vulnerability in PeID and do not provide a published fix or affected ve...
CVE-2005-0115
Stack-based buffer overflow in DataRescue Interactive Disassembler IDA Pro 4.7 allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name...