Reverse Engineering with Ghidra – Calling Conventions

I’ve posted a short video that takes a look at three prevalent calling conventions: C Declaration, standard call and fast call. I will show you how to compile sample programs from source, load them in Ghidra and analyze the disassembly/decompiler output to observe the differences in the calling conventions. The source code for the sample program can be found on my Github:https://github.com/jstrosch/learning-reverse-engineering/tree/master/Calling%20Conventions

Read more

Maldoc Workshop at Hack-in-the-Box CyberWeek (UAE)

I gave a free 4-hour workshop as part of the Hack-in-the-Box (HITB) CyberWeek (November 15th, 2020). The focus of this workshop was on analyzing malicious Word and Excel documents: Malicious office documents continue to be an effective tool for threat actors to compromise their victims and gain access to an organization’s network. While these documents have been around for a while, malware authors continue to find effective ways of abusing functionality to minimize their detection. This year alone we have seen a resurgence of such techniques through the use of Excel 4 Macros and other creative ways to bypass detection….

Read more