Defeating the Packing of Malware Using Execute After Write
Cyberus Technology Blog
1y ago
In this article, I will show how easy and fast it is to dump the payload of a packed malware sample using a simple Python script. The explanation is based on the semantic breakpoints feature of Tycho and its open-source library. If you are not familiar with Tycho, you can have a look at the previous …
Automatically Detect Winnti Malware Using Tycho and YARA Rules
Cyberus Technology Blog
1y ago
Winnti injects its code into an instance of another process. This means that by dumping the virtual memory of each process and checking it against the specific YARA rules, one can detect whether Winnti is active on the target PC; the following will show you how it's done. Fortunately, dumping the virtual memory of a process is really easy and convenient with …
Creating memory dumps for Volatility using Tycho
Cyberus Technology Blog
1y ago
In this article I present a Python script that combines both tools in order to analyze physical memory from a target machine. This is especially important when dealing with unknown malware samples. Unlike other approaches, Tycho allows an analyst to carefully monitor processes without ever having to fear that the malware could detect the analyst. For example, if a machine is suspected to be infected by some unknown malware, Tycho can be used to extract the possibly malicious program for further analysis using the script that I developed during my internship and present in this article. The script …
Tycho-based Dashboard to Detect Gandcrab
Cyberus Technology Blog
2y ago
This article demonstrates how Tycho can be used to gain valuable data on how a process or malware sample behaves, and thereby detect that sample successfully. With the help of the ELK (Elasticsearch, Logstash, Kibana) stack it is possible to display the gathered data in a dashboard that visualizes how the sample behaves …
TCP Connection Analysis with Tycho
Cyberus Technology Blog
2y ago
In this blog article I will show you how to quickly and easily create a small network analysis tool for TCP connections with Tycho. The goal is to detect when a process connects to a server, find out the address of the server, and report what data is exchanged. From these servers the malware receives instructions, keys are exchanged, or new functions are loaded in the form of payloads. If you want to analyze unknown malware, a good first step is to find out whether the malware connects to a server …
Introducing the Hedron Hypervisor
Cyberus Technology Blog
2y ago
This blog post introduces the Hedron Hypervisor and the philosophy around it. Hedron already drives our malware analysis platform and will soon be at the heart of a high-security workstation solution …
General Availability of Cyberus Secure Virtualization Platform
Cyberus Technology Blog
2y ago
Today Cyberus Technology announces the general availability of SVP, a fast, flexible and secure virtualization platform. SVP is a fully vertically integrated virtualization solution, designed to enable our customers' use-cases with high performance and increased security. Our fast and flexible Secure Virtualization Platform, SVP, has been adopted as the base platform of SINA Workstation. SINA Workstation is a secure workstation designed for modern working in public administration …