ReversingLabs' YARA rule detects a Cobalt payload exploiting CVE-2017-11882
A 17-year-old vulnerability in Microsoft Office Equation Editor is now confirmed to be exploited by the Cobalt Group
Threat Research
ReversingLabs' YARA rule detects a Cobalt payload exploiting CVE-2017-11882
Constant Insecurity: Things you didn’t know about (PE) Portable Executable file format
One constant challenge of modern security will always be the difference between published and implemented specifications.
Reverse engineering software protections
Learn how to do in depth analysis of compressed and encrypted binary files.
Reversing software compressions: Tale of dragons and men who slay them
Reverse engineering compressed binaries has been a necessity for more than a two decades now, and we as reverse engineers are always on a lookout for newest and fastest ways of accomplishing our goal.