1 vote, 0 answers, 34 views

I am working on a project using NEAT (NeuroEvolution) for malware classification. The dataset is relatively large - say 70000 training and 50000 test samples, and I imagine that evaluating the fitness ...
asked by Shaylin Velen
0 votes, 0 answers, 71 views

I'm developing a React App that allows users to upload images and videos. The app is hosted on Firebase, uses Google Cloud Storage to store users' data and Cloud Functions as a serverless back-end. ...
asked by GSkyline
0 votes, 0 answers, 618 views

I was running my regular antivirus scan using antivirus software from Avast and the report flagged 3 potential threats. The thing is: they are all linked to a python3.11 site package called ...
asked by Amine
0 votes, 0 answers, 154 views

Since last week Norton 360 and AVG/Avast have started to flag my app as malware for some reason; no updates have been done on the app for several weeks. Google Play Protect, Windows Defender, ...
asked by Mårten Swärd
-4 votes, 1 answer, 75 views

Phrased differently, can encrypted malware still act? Not encrypted by design, but after the fact. And can it still be detected by an antivirus when in encrypted form? (Given it is in decrypted ...
asked by Irios
0 votes, 1 answer, 375 views

I have developed a small Python program on my own, which I would like to build with gitlab-ci. I first tried it locally on my computer (Win10) and built an executable with pyinstaller. All went well ...
asked by Enzo
-1 votes, 1 answer, 245 views

As the topic suggests, how exactly can we use Android emulators like Android Studio to create a sandbox-like environment (or can we?) (in this context: detection of malicious files)? I've heard of ...
asked by Sumedh Atreya
0 votes, 1 answer, 363 views

I am plagued by false-positive malware reports involving pyinstaller, which is a known problem (compare pyinstaller#7967). Now I finally meet these problems on CI, and I am able to reproduce it using ...
asked by bers
0 votes, 0 answers, 533 views

I am wondering if there are tools or products available that serve the same purpose as online tools such as URLVoid and Virustotal, but for offline use. I have a machine that is not connected to the ...
asked by Georgi Nikolov
-3 votes, 1 answer, 58 views

I work with Nucleon EDR, and I want to understand how the Zero Trust paradigm works.
asked by Tourapz
0 votes, 0 answers, 57 views

How do I collect the in-memory strings of a process which executes for a second and terminates in seconds, if I am not even able to suspend it to check for in-memory strings? I was analyzing one malware file which ...
asked by santosha
0 votes, 1 answer, 579 views

I'm not a professional at recognizing security in Python modules, but is one of these Python modules possibly dangerous, or does one contain malware? altgraph 0.17.3 atlassian-python-api ...
asked by Legendview
1 vote, 1 answer, 193 views

I'm trying to create a test app to test some code out for my main app, which creates ImageViews inside a ViewFlipper using an On-Click Button event. Every time I press the button, the code works as ...
asked by Syed Abdullah
1 vote, 2 answers, 961 views

I have a simple asp.net website. Recently, I have noticed it adds one div with an anchor tag to an external. I have also noticed another link to an apparent jQuery file from a third-party site that ...
asked by marifrahman
1 vote, 1 answer, 707 views

I had several malware samples and used PEStudio for static analysis. Some samples worked very well, but there were other samples that PEStudio could not analyze. Very few sections in PEStudio are grayed out ...
asked by user15503745
0 votes, 0 answers, 258 views

I have been having a really strange issue which I have tried all ways to troubleshoot from my end but was not successful. I am going through a malware analysis course and following the debugging ...
asked by Daksh Kapur
-1 votes, 1 answer, 192 views

There are various ways to monitor filesystem access on macOS Ventura, like fs_events or the new Endpoint Security System Extension framework. Is there a way to intercept and potentially prevent a ...
asked by Yuri
0 votes, 1 answer, 479 views

I am new to using pefile. I actually started working on it for a project. I wrote code in Python to extract the following from an executable file ('Name', 'md5', 'Machine', 'SizeOfOptionalHeader', '...
asked by Ibrahim Fawaz Olamide
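An added example, not the asker's code and not using pefile: the same header fields (name, md5, Machine, SizeOfOptionalHeader and the rest of the COFF header) read with only the standard library, over a constructed 88-byte header-only PE. The bounds checks before each read are the part worth keeping in a classifier pipeline, because malware corpora routinely contain samples whose e_lfanew points past the end of the file.

```python
import hashlib
import struct

# Layout constants from the PE/COFF specification.
DOS_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\x00\x00"
E_LFANEW_OFFSET = 0x3C
# COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics (all little-endian).
COFF_HEADER_FMT = "<HHIIIHH"
COFF_HEADER_SIZE = struct.calcsize(COFF_HEADER_FMT)  # 20 bytes

MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0x01C4: "ARMv7", 0xAA64: "ARM64"}


def parse_pe_header(data: bytes, name: str = "<bytes>") -> dict:
    """Return the header fields a classifier typically wants, or raise ValueError.

    Every offset read from the file is bounds-checked first: malformed or
    deliberately corrupted samples often carry an e_lfanew that points past
    EOF, and a parser that trusts it will crash or read garbage.
    """
    if len(data) < E_LFANEW_OFFSET + 4 or data[:2] != DOS_MAGIC:
        raise ValueError("missing MZ signature: not a DOS/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    if e_lfanew + len(PE_SIGNATURE) + COFF_HEADER_SIZE > len(data):
        raise ValueError("e_lfanew points outside the file")
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE\\0\\0 signature at e_lfanew")
    (machine, n_sections, timestamp, _symtab, _n_syms,
     opt_hdr_size, characteristics) = struct.unpack_from(
        COFF_HEADER_FMT, data, e_lfanew + len(PE_SIGNATURE))
    return {
        "Name": name,
        "md5": hashlib.md5(data).hexdigest(),
        "Machine": machine,
        "MachineName": MACHINE_NAMES.get(machine, "unknown"),
        "NumberOfSections": n_sections,
        "TimeDateStamp": timestamp,
        "SizeOfOptionalHeader": opt_hdr_size,
        "Characteristics": characteristics,
    }


def is_pe(data: bytes) -> bool:
    """True only if the DOS and PE headers are present and consistent."""
    try:
        parse_pe_header(data)
    except ValueError:
        return False
    return True


def build_sample_pe() -> bytes:
    """Constructed 88-byte stand-in for a real executable (headers only, no sections)."""
    dos_header = bytearray(64)
    dos_header[:2] = DOS_MAGIC
    struct.pack_into("<I", dos_header, E_LFANEW_OFFSET, len(dos_header))
    coff_header = struct.pack(COFF_HEADER_FMT,
                              0x8664,      # Machine: x64
                              2,           # NumberOfSections
                              0x5F000000,  # TimeDateStamp (arbitrary)
                              0, 0,        # symbol table fields (deprecated)
                              240,         # SizeOfOptionalHeader for PE32+
                              0x0022)      # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    return bytes(dos_header) + PE_SIGNATURE + coff_header


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_pe(), "sample.exe").items():
        print(f"{key}: {value}")
```

Running pefile over the same file should give the same Machine and SizeOfOptionalHeader values; the point of the stdlib version is that the failure modes are explicit, so a batch job over thousands of samples can skip the malformed ones instead of dying on them.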
1 vote, 0 answers, 679 views

I need to create a database where I store YARA rules; specifically, I need data from the meta section like the author, filetype and description (if they exist). Also I need the name of the rule I've been ...
asked by AMLO_TACTICO
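An added example, not code from the question: a standard-library parser that pulls the rule name, tags and meta entries out of a YARA source file and loads them into SQLite. The rule text is constructed for the example, and the regexes and table layout are my own assumptions (yara-python does expose rule meta at load time, but this needs no YARA install and keeps the values typed).

```python
import re
import sqlite3

# Constructed sample rule set: one rule with meta and tags, one with neither.
SAMPLE_RULES = r'''
rule PE_Dropper : dropper windows
{
    meta:
        author = "analyst"
        description = "Drops a second-stage \"payload\" PE"
        filetype = "exe"
        severity = 3
        in_the_wild = true
    strings:
        $mz = { 4D 5A }   // hex strings use braces, so brace matching is unsafe
        $s1 = "CreateRemoteThread" ascii
    condition:
        $mz at 0 and $s1
}

rule NoMeta
{
    strings:
        $a = "x"
    condition:
        $a
}
'''

# A rule header: optional modifiers, the name, optional ": tag tag" list, then "{".
RULE_HEADER = re.compile(
    r"^\s*(?:private\s+|global\s+)*rule\s+(\w+)\s*(?::\s*([\w\s]+?))?\s*\{",
    re.MULTILINE)
# The meta section runs from "meta:" to the next "strings:" or "condition:" line.
META_SECTION = re.compile(
    r"\bmeta\s*:(.*?)(?=^\s*(?:strings|condition)\s*:)", re.DOTALL | re.MULTILINE)
# YARA meta values are quoted strings, integers or true/false.
META_ENTRY = re.compile(r'(\w+)\s*=\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)')


def _decode_value(token: str):
    if token == "true":
        return True
    if token == "false":
        return False
    if token.startswith('"'):
        return re.sub(r"\\(.)", r"\1", token[1:-1])  # undo YARA backslash escapes
    return int(token)


def parse_rules(text: str) -> list:
    """Return [{"name", "tags", "meta"}] for every rule in a YARA source file."""
    headers = list(RULE_HEADER.finditer(text))
    rules = []
    for i, header in enumerate(headers):
        # A rule body ends where the next rule header starts (or at EOF). Brace
        # matching would break on hex strings such as { 4D 5A }, so boundaries
        # are taken from headers instead.
        body_end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        body = text[header.end():body_end]
        meta = {}
        section = META_SECTION.search(body)
        if section:
            for key, token in META_ENTRY.findall(section.group(1)):
                meta[key] = _decode_value(token)
        rules.append({
            "name": header.group(1),
            "tags": header.group(2).split() if header.group(2) else [],
            "meta": meta,
        })
    return rules


def load_rules_to_db(text: str, path: str = ":memory:") -> sqlite3.Connection:
    """Store rules and their meta in two tables; meta keys are not fixed up front."""
    conn = sqlite3.connect(path)
    conn.executescript("""
        CREATE TABLE IF NOT EXISTS rules (
            id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL, tags TEXT);
        CREATE TABLE IF NOT EXISTS rule_meta (
            rule_id INTEGER NOT NULL REFERENCES rules(id),
            key TEXT NOT NULL, value,
            PRIMARY KEY (rule_id, key));
    """)
    for rule in parse_rules(text):
        cur = conn.execute("INSERT INTO rules (name, tags) VALUES (?, ?)",
                           (rule["name"], " ".join(rule["tags"])))
        conn.executemany("INSERT INTO rule_meta VALUES (?, ?, ?)",
                         [(cur.lastrowid, k, v) for k, v in rule["meta"].items()])
    conn.commit()
    return conn


def query_meta(conn: sqlite3.Connection, rule_name: str, key: str):
    """Look up one meta value for one rule; None if the rule has no such key."""
    row = conn.execute(
        "SELECT m.value FROM rule_meta m JOIN rules r ON r.id = m.rule_id "
        "WHERE r.name = ? AND m.key = ?", (rule_name, key)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = load_rules_to_db(SAMPLE_RULES)
    for name, key in [("PE_Dropper", "author"), ("PE_Dropper", "filetype"), ("NoMeta", "author")]:
        print(name, key, query_meta(db, name, key))
```

A key/value table rather than fixed author/filetype/description columns is deliberate: meta keys are free-form in YARA, and rules from different feeds disagree on their names, so the query layer is where you normalise them.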
2 votes, 1 answer, 309 views

Building a malware classifier for a class and I am just trying to implement a loop that goes through every file in a folder using os.listdir() and I specified that the folder is the given argv. I have ...
asked by Vyxxen
1 vote, 4 answers, 780 views

I've been using Atom for years on my Mac. I know it has been end-of-lifed by its dev team. I haven't installed anything new on it like plugins for many months. After the latest macOS update, I get ...
asked by gwhiz
0 votes, 0 answers, 1k views

I want to detect hook behavior of MSHookFunction on Android but no idea yet. This is Cydia Substrate I use in my test app https://github.com/Breathleas/Android-Hooking-Template-Cydia-Substrate/tree/...
asked by Ken Kem
0 votes, 1 answer, 1k views

I'm doing a lab on HTB and I need to download olevba; however, when I do, it doesn't work. I'm using Linux. The commands I'm using to install are sudo apt install python3-pip then, in I'm using Linux ...
asked by travis bazile
0 votes, 0 answers, 194 views

This is weird, so I am trying to compile this code: #include <stdio.h> #include <stdlib.h> typedef struct { int sz; unsigned char sequence[]; } morsechar; int main(void) { ...
asked by Peaser
0 votes, 2 answers, 4k views

I have a 7z archive that I downloaded from practicalsecurityanalytics.com that contains malware files and benign files of 117GB. The compressed size of this file is 43.8GB, which is large, and I do not ...
asked by pr1sm8
0 votes, 1 answer, 130 views

EDIT: Solved by creating rules with auditctl and then getting the logs for a specific key with ausearch. I'm basically creating a tool to detect ransomware activity with honeypots spread across the ...
asked by capybar0
0 votes, 1 answer, 236 views

I'm building a Memory Scanner with ctypes and after I create a buffer with VirtualAlloc(), then I use ReadProcessMemory() to write the memory contents in the buffer, but how can I see the contents to ...
asked by Leonardo Poloni
-1 votes, 3 answers, 170 views

Can someone please help me with this? I'm attempting to follow the below guide on installing LMD (Linux Malware Detect) on CentOS. https://www.tecmint.com/install-linux-malware-detect-lmd-in-rhel-...
asked by Jesse C.
1 vote, 1 answer, 487 views

In GDB, I want to save the result of the x/x $rsp command, the value inside the address shown. Example: the result of the command x/x $rsp is 0xffffaaaa : (0x00400b). I want to save that ...
asked by Noob_learner_90
0 votes, 1 answer, 453 views

ETA. Okay, based on some advice I'd received, I used go build main.go rather than go run main.go This puts the main.exe in my project folder (which I excluded) rather than putting a temporary main....
asked by YvetteS
0 votes, 0 answers, 142 views

I am thinking of creating a Kibana Dashboard to detect malware by the use of graphs/visualizations. Anyone have any ideas on how I can implement a dashboard based on different visualizations of ...
asked by RedTiger66
1 vote, 1 answer, 183 views

A co-worker has encountered a strange issue where their containerized app, which is running under lowered privileges, sometimes crashes at startup with a mysterious EPERM: operation not permitted, ...
asked by Jacob
0 votes, 1 answer, 1k views

I have set up Cuckoo Sandbox and am already analyzing some malware. The problem is I'm having a difficult time trying to understand the JSON report. Could anyone please help me understand the following: ...
asked by ray
0 votes, 1 answer, 98 views

Can we use AWS Device Farm to test anti-virus application by installing real malware on rented devices?
asked by Dania
0 votes, 1 answer, 101 views

I know nothing about networking. so I need serious help here. I was on a Zoom call with my mentor and we were talking about the difference between HTTP, HTTP1, and HTTP2. Then he noticed that even ...
asked by Rashad Bayram
1 vote, 1 answer, 933 views

Can anyone help where I can find sample portable executable files to test my small antivirus project? Any trustworthy reference for PE files in PC would be helping very much. I am testing on windows ...
asked by Prashanth C
0 votes, 1 answer, 551 views

I'm trying to figure out where jump tables (a data table pairing subroutine names with their addresses) are placed within an executable, and whether it's based on the language, the compiler, or if ...
asked by J.Todd
0 votes, 1 answer, 747 views

Which Roblox/LUAU classes can have malware/scripts hidden inside? Which classes will still be executed as a script? Which classes cannot contain a malicious script? Audio? Since the complaint has been ...
asked by GAM II
1 vote, 1 answer, 940 views

I'm sending requests to the Google safe browsing API. I believe I'm following their documentation correctly. I've tried regenerating my key. I'm sending the request below POST https://safebrowsing....
asked by Mr J
0 votes, 0 answers, 196 views

So I was opening Visual Studio Code and I saw that I have a new HTML file that I don't remember having previously. It is 247,365 characters and 4,354 words. Does anyone know what this is? (it also ...
asked by Twisted Bannana Number 5
-1 votes, 2 answers, 298 views

To avoid false positives, how can we create a whitelist of IPs or ranges of IPs? I tried to create an IP whitelist by resolving the IPs of the whitelisted domains. Do you guys have any idea?
asked by Izahaak
0 votes, 2 answers, 3k views

I am trying to fetch the JSON response using the VirusTotal API. To fetch the results as a response I have created a Python script which is as shown below: Then the error shows like this: [Winerror]:...
asked by Akshay Mewada
-2 votes, 2 answers, 740 views

My website https://feminspacebeauty.com is affected with malware redirecting to https://click.driverfortnigtly.ga/GMtCh34S. I tried asking for help from my hosting provider; they sent me a list of ...
asked by Gireesh Viswakarma
0 votes, 1 answer, 2k views

The malware is of PE type. Use the magic bytes for this file type. To create a rule with a lot of strings it may be useful to write a script that creates the rule for you. The strings found through ...
asked by Tapan Jatakia
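An added example (not the original post's code) of the script described above: pull printable strings out of a sample, drop the ones that appear in every PE, and emit a YARA rule gated on the MZ magic. The condition `uint16(0) == 0x5A4D` is the little-endian reading of the bytes 4D 5A at offset 0. The sample blob, the generic-string list and the `$s<n>` naming are constructed for the example.

```python
import re
from typing import Dict, Iterable, List, Optional

# Constructed stand-in for a real sample: an MZ header fragment plus a few
# embedded strings, one of them generic, one with backslashes, one with a quote.
SAMPLE_BLOB = (
    b"MZ" + bytes(14)
    + b"!This program cannot be run in DOS mode.\x00"
    + b"CreateRemoteThread\x00"
    + b"C:\\Users\\victim\\drop.exe\x00"
    + b'Mutex_ab"cd\x00'
    + b"sh0rt\x00"
)

# Strings present in virtually every PE; a rule built on them matches everything.
# In practice this list comes from running the extractor over a clean corpus.
GENERIC_STRINGS = {
    "!This program cannot be run in DOS mode.",
    ".text", ".data", ".rdata", ".reloc", "KERNEL32.dll", "kernel32.dll",
}


def extract_ascii_strings(data: bytes, min_len: int = 6) -> List[str]:
    """Runs of printable ASCII of at least min_len bytes, in file order."""
    pattern = re.compile(rb"[\x20-\x7e]{" + str(min_len).encode() + rb",}")
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def yara_escape(s: str) -> str:
    """Escape backslashes and double quotes so s is a valid YARA text string."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def make_pe_rule(name: str, strings: Iterable[str], min_match: int = 2,
                 meta: Optional[Dict[str, str]] = None) -> str:
    """Build a rule that requires the MZ magic plus min_match of the strings."""
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", name):
        raise ValueError(f"invalid YARA rule name: {name!r}")
    seen, kept = set(), []
    for s in strings:  # dedupe, keep order, drop noise
        if s in GENERIC_STRINGS or s in seen:
            continue
        seen.add(s)
        kept.append(s)

    lines = [f"rule {name}", "{"]
    if meta:
        lines.append("    meta:")
        lines += [f'        {k} = "{yara_escape(v)}"' for k, v in meta.items()]
    if kept:
        lines.append("    strings:")
        lines += [f'        $s{i} = "{yara_escape(s)}" ascii' for i, s in enumerate(kept)]
    lines.append("    condition:")
    condition = "uint16(0) == 0x5A4D"  # bytes 4D 5A ("MZ") at offset 0, read little-endian
    if kept:
        # Never demand more strings than the rule declares, or it can never fire.
        condition += f" and {min(min_match, len(kept))} of ($s*)"
    lines.append(f"        {condition}")
    lines.append("}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = extract_ascii_strings(SAMPLE_BLOB)
    print(make_pe_rule("Sample_Dropper", found, meta={"author": "analyst"}))
```

Before shipping a generated rule, run it over a clean corpus: strings that look specific (paths, mutex names, API names) still show up in plenty of benign software, and `N of ($s*)` only helps if the N strings are genuinely rare together.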
0 votes, 1 answer, 993 views

I am working on a malware detection project where I am using both radare2 and r2pipe. I know how to find the cross references of a function and string with the help of "axt @function_address/...
asked by RAMA
32 votes, 4 answers, 26k views

How safe are extensions in Visual Studio Code? Can extensions introduce malware? Is it safe to install any extension?
asked by raul isai monroy
0 votes, 1 answer, 1k views

For a school project, I'm developing a tiny piece of malware that replicates itself and autoruns with reg keys. I want my program to set a reg key to autorun, but when I do it Windows Defender detects the ...
asked by Sad1que
1 vote, 0 answers, 860 views

Running the command peepdf <filepath> on Mac gives the following output: >peepdf 1614210893839_DEMOGRAPHICS.pdf File: 1614210893839_DEMOGRAPHICS.pdf MD5: ec49e8cd8782c6529e5107200e89364f ...
asked by corecipher
0 votes, 1 answer, 2k views

I have a malware to analyze with md5sum - 000cbfb28e750f2e321551c03e4fe488 When I run file {malware-file-name} it shows : Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3,...
asked by achal
0 votes, 1 answer, 246 views

I want to analyze a large and confusing JS code. The code is heavily obfuscated and even tools like JStillery cannot work with it. I would like to somehow build one of the open JS-interpreters, run it ...
asked by bukkojot
