Hesperbot DGA : Everything is Dynamically generated using GA
Our next contender for DGA series is Hesperbot. It generates all strings/object-names dynamically using various "Generation Algorithms"
similar to DGA. Though its DGA differs from NGA (Name generation algorithm) used for name generation for objects like filenames, foldernames,
But both DGA & NGA utilises same seed generator. Hesperbot's DGA is free from date/time and generates
This post discuses the things from the point where reversing of any malware ends.
The analysis of a malware is not enough to satisfy any researcher. There is no point
in analysing a malware and then writing a report on it and forgetting it for eternal times.
Neither just analysing a malware will help stop botnet herders from performing crimes nor it will
help a large population of non technical targets/victims.
If analysing a malware
[ Taken from Forum posts and edited ]
This Time we'll colour our hands with the blood of windows 8 Developer's Preview edition. What we need , a target application, a vulnerability, and a debugger, and though notepad + calc also.
So we have Windows 8 : Developer's Preview Edition
Firefox : 3.6.16
Java (JRE) : 6u29
So what is the difference in windows7 and windows8 exploitation.
To achieve code execution in win7
In defeating DEP you atleast need some information that will evade the ASLR.
There are mainly two ways:
1. Any anti ASLR modules gets loaded into the target application. I mean you have the base address of any module at fixed location always even after the system restart.
2. You get a pointer leak from a memory leak/buffer overflow/any zeroday. In this technique you can adjust the offsets to grab the base address of the module whose pointer gets leaked.