As promised, here is the second article about my ELF packer.
Here, I'll talk about dynamically-linked ELF binaries (i.e. those which have dependencies on ".so" modules), which is more tricky than the "basic" packer I showed before. The code is still NASM, and still 32-bit (feel free to rewrite the code to support the 64-bit architecture ;))
I recently decided to make an ELF packer, in order to learn some cool stuff about the Linux kernel and the ELF format, so I'll write 2 or 3 articles on this blog to explain some stuff I discovered. To write this article, I use NASM and an x86 Linux kernel (yeah guys, I'm still on an x86 Arch Linux). But first, let's listen to some music
Category: Hacking
Hi folks!
As it's spring (and I've not written anything for a while), malware gets updated, and this is also the case for Andromeda, which got an update. I know I already wrote something about the previous version, but this version has some fun tricks, so let's reverse it to see these tricks :)
For this first English article, I'll talk about a RAM scraper I found in the wild (and because Xylitol asked me to write an article about POS malware :þ).
Category: Reverse-engineering
As promised in my previous post, I continued (fueled by Chocapicz and heavy-handed techno, anyway, let's move on) my quest for the Grail, that is, continuing the analysis of Andromeda Bot.
I think this analysis, boring to death for ordinary mortals, will delight malware reversers …