@silver_manatee good luck!

Just 2 weeks until I get to NOP those pesky JMPs with another awesome group of #FOR610 malware ninjas SANS DFIR #sanslondon can't wait!

Great example of jmp2it in use by master-of-the-macro himself Didier Stevens, executing raw shellcode in a debugger videos.didierstevens.com/2016/11/28/han…

Analysing fileless malware? Need raw byte for byte extraction from the registry without additional metadata? Try github.com/adamkramer/reg…

Debugging a #malware infection vector? Need to manually trigger shellcode within original file or post carving out? github.com/adamkramer/jmp…

Analysing #malware that checks for a Mutex? Looking for a quick way to see how it responds if the Mutex is present? github.com/adamkramer/cre…

The Stack- low level x86 memory structure used for function calls. Stores passed arguments, local variables & address to return to when done

With an awesome group of students at SANS DFIR SANS Institute, EMEA #FOR610 #sanslondon ... let's hope they can help me solve this!

Looking forward to BSides MCR #BSidesMcr2017 next week!

140 char rap re: the original JayZ, conceived in a standard in 1953. If past result was zero you'll surely see, a rapid change to the EIP 🎤💥

"Uncovering Targeted Web-Based Malware Through Shapeshifting" - New blog & malware analysis tool - blogs.sans.org/computer-foren… SANS DFIR

Getting started in malware analysis, or experienced analyst looking to expand your skills/toolset? I’ll be teaching SANS FOR610 in London, UK 5th - 10th March 2018 - DM me if you’d like to know more sans.org/event/London-M… SANS Institute, EMEA SANS DFIR

Miss HBGary Flypaper for malware analysis? Check out an alternative method to acquire process memory from transient malware using in-built Windows functionality digital-forensics.sans.org/blog/2017/11/2… #malware

Automated Hunting of Software Update Supply Chain Attacks - taking a look at traffic patterns to uncover rogue auto-updates in your network blogs.sans.org/computer-foren…

Leaving the Backdoor Open: Risk of Remotely Hosted Web Scripts... Keep your friends close, and your JavaScript closer! blogs.sans.org/computer-foren…

Need Boxing Day reading? Really clear and comprehensive list of code injection techniques. Blog from Endgame endgame.com/blog/technical…

Day 5 of SANS DFIR FOR610 drawing to a close at SANS Institute, EMEA #sanslondon - another group of Malware ninjas lined up and ready to take on the CTF tomorrow! Good luck to you all!

T-10 minutes until the SANS Institute, EMEA #sanslondon FOR610 CTF begins, good luck to all participating!

Experimenting with methods for “Inhibiting Malicious Macros by Blocking Risky API Calls” latest SANS DFIR blog digital-forensics.sans.org/blog/2018/04/1…