In this short post I want to share a first quick reversing of the Petya+EternalBlue DLL, md5: 3936bda83b590512fa2cfef8acf6c294. It is a first look at it; I hope the information here is correct.
Showing posts with label eternal blue. Show all posts
Tuesday, June 27, 2017
Friday, June 23, 2017
Loading and Debugging Windows Kernel Shellcodes with Windbg. Debugging DoublePulsar Shellcode
In this article I’d like to share a WinDbg script that will let us load a shellcode from a file into kernel memory and create a kernel thread to execute it. I have not played a lot with the script yet; if you find a bug, please tell me.