[RP]: It Is All About Program Execution

Nice article about malware mechanisms and analysis:

It Is All About Program Execution: http://journeyintoir.blogspot.de/2014/01/it-is-all-about-program-execution.html


[RP]: Finding Malware Like Iron Man

Nice presentation:

“Finding Malware Like Iron Man” by Corey Harrell

[PDF]: https://sites.google.com/site/journeyintoir/home/Finding_Malware_Like_Iron_Man-NYS-version.pdf?attredirects=0&d=1


[RP]: Extracting ZeroAccess from NTFS Extended Attributes

Just a quick link: Extracting ZeroAccess from NTFS Extended Attributes


[RP]: Hiding env./tools from malware

Just a quick repost of a nice article:

Hiding env./tools from malware a.k.a. fight fire with fire (but only inside VM)


[RP]: Malware Analysis Resources

Impressive list:

Malware Analysis Resources


Thug on REMnux (Walkthrough)

This blog post describes how to install Thug (see http://www.honeynet.org/node/827, https://github.com/buffer/thug) on a fresh copy of REMnux 3.0 (VMware version). You should be familiar with VMware and a Debian-like OS and have your favourite drugs (read: coffee) within reach …


[RP]: De-Obfuscating JavaScript

Here’s a nice article on SANS about de-obfuscating malware in IE:

The tale of obfuscated JavaScript continues


[RP]: Using Pastebin for Malicious Sample Collection

How to get samples for malware analysis:



[RP]: PDF Metadata Extraction – Multiple Files

Nice summary on analyzing PDF files: