Microsoft Malware Protection Center

Threat Research & Response Blog

Browse by Tags

  • Blog Post: Keeping an eye on the heap

    The Windows heap memory is a rich source of anti-debugging techniques. It can be altered in numerous ways to achieve interesting effects, such as the execution of arbitrary code in particular circumstances. It can also be used in indirect ways, since many APIs allocate and/or free memory as part of their...
  • Blog Post: Some shellcode de-mystified

    The shellcode described in this post was obtained from the Eleonore v1.2 exploit kit. High-level details about that kit are mentioned in my April 2012 blog post. This post is a technical view of the actual shellcode and is intended to be instructive to the inquisitive reader. Since this code is relatively...