Welcome!

This is the personal blog of Daniel Plohmann.
I mostly write about malware analysis, reverse engineering, and projects that I am or have been working on.

Blog Posts

• 2024-03-08 » MalpediaFLOSSed
• 2023-08-02 » Upgraded MCRIT Feature: IDA Plugin
• 2023-08-01 » Knowledge Fragment: Hardening Win10 x64 on VirtualBox for Malware Analysis
• 2023-06-05 » MCRIT: The MinHash-based Code Relationship & Investigation Toolkit
• 2020-07-10 » Knowledge Fragment: Casting Sandbox Necromancy on DADSTACHE
• 2020-03-20 » init()
• 2018-05-22 » The Big Zeus Family Similarity Showdown v2
• 2018-04-18 » Upgrading ApiScout: Introducing ApiVectors
• 2018-01-14 » The Big Zeus Family Similarity Showdown
• 2017-05-16 » Quick analysis write-up on the link between Lazarus and WannaCry
• 2017-04-10 » ApiScout: Painless Windows API information recovery
• 2017-02-05 » Knowledge Fragment: Hardening Win7 x64 on VirtualBox for Malware Analysis
• 2015-08-18 » Knowledge Fragment: Fobber Inline String Decryption
• 2015-08-18 » Knowledge Fragment: Unwrapping Fobber
• 2015-04-15 » Knowledge Fragment: Bruteforcing Andromeda Configuration Buffers
• 2014-09-25 » DingleElite DDoS Bot (WOPBOT)
• 2014-09-24 » ByteAtlas Intro
• 2014-02-07 » IDAScope v1.1: YARA scanning
• 2014-01-29 » PyBox Relaunch
• 2013-06-05 » Small IDAscope update
• 2013-01-05 » IDAscope progress
• 2013-01-05 » 29c3 Trip Report
• 2012-11-18 » TDD & IDAPython
• 2012-11-01 » PKCS detection
• 2012-10-27 » Online WinAPI & hack.lu slides
• 2012-09-18 » IDAscope *fixed*
• 2012-09-17 » IDAscope Release!
• 2012-09-01 » IDAscope Beta Update
• 2012-08-20 » IDAscope Beta!
• 2012-08-15 » IDAscope update: Crypto Identification
• 2012-07-25 » WinAPI Browsing
• 2012-07-18 » Introducing IDAscope

Some of my noteworthy projects

• Malpedia: A free, community-curated resource for rapid identification and actionable context when investigating malware.
• DGArchive: A free service allows resolving or calculating domain names that are dynamically created by malware using Domain Generation Algorithms (DGAs).
• MalpediaFLOSSed:A collection of strings found in malware and their occurrences across families.
• MCRIT:The MinHash-based Code Relationship & Investigation Toolkit.
• ApiScout: Simplifying Windows API import recovery on arbitrary memory dumps.
• SMDA: A minimalist recursive disassembler library that is optimized for accurate Control Flow Graph (CFG) recovery from memory dumps.
• IDAscope: IDAscope is an IDA Pro extension, intended to ease reverse engineering with a focus on malware analysis. Still needs to be migrated for IDA 7.3 and above...