Locating DLL Name from the Process Environment Block (PEB)

I often encounter software, especially when performing malware analysis, that dynamically constructs its own import table. This can be done for a variety of reasons and in a variety of ways. In this article, we'll explore one method I recently encountered. I typically become suspicious of this activity when I see the following assembly instructions:

    mov ebx, fs:[ 0x30 ]
    mov ebx, [ ebx + 0xC ]
    mov ebx, [ ebx + 0x14 ]
    mov esi, [ ebx + 0x28 ]

02 – Joining A CTF

Once you have created an account, you may join either a public or a private competition. If you cannot find the competition you joined, try checking both the Live and Inactive competition tabs in the left side menu.

Joining a public competition

On the home page, click the Find a Public Competition tab in the side menu on the left. From here you may view a list of public competitions currently active on the site.

Joining a private competition

While on the home page, ensure that either Live Competitions or Inactive Competitions is selected in the left side menu. Click on the green…
