TMZ Lair - Underground Coding

Having fun with PE files and GoLang

2 minute read Published:

Opening PE files with GoLang
New blog design, new post. Today I will show how GoLang interacts with PE files in a generic example. You could look further into the native module here or even check its source code here. I do recommend reading it, as I am using some bits of code extracted directly from the module source. Here you go. package main import ( "fmt" "debug/pe" "os" "io" "encoding/binary" ) func check(e error) { if e !


5 minute read Published:

Windows version of Linux.Liora
So I decided to port my Linux.Liora Go infector to Win32 and it worked great. Minor tweaks were needed in the code; you can run a diff between both and check it out. EDIT: Fixed the PE verification routine, it checks for a proper PE file now. Thanks hh86! Virus source: /* * Win32.Liora.B - This is a POC PE prepender written in Go by TMZ (2015). * * Win32.

Linux.Liora: a Go virus

4 minute read Published:

Simple prepender virus written in GoLang
So this guy asks me in a job interview last week “Have you ever developed in Go?” and well, what better way to learn a language than writing a prepender (probably a lot of things but don’t kill my thrill)? There you have it, probably the first ever binary infector written in GoLang (SPTH LIP hxxp:// “outdately” confirms that - replace hxxp with http, this website is wrongly classified as malicious by some security tools).

Dynamic API Calls in .NET

2 minute read Published:

Using Reflection to call APIs dynamically
Today I’m going to share a way to call APIs without DLLImport. I first saw this years ago at as far as I remember and got into the idea. The code was lost since then but I found a copy. Program.cs using System; using System.Reflection; namespace APICaller { class Program { public static void Main(string[] args) { Console.Title = "Dynamic API Caller"; Console.WriteLine("Press any key to call your API!

MBR Dump With .NET - Part 1

2 minute read Published:

Dumping MBR with .NET
Greetings. Years ago I was messing around with Windows MBR (VXHeaven thread) and got stuck while trying to write a modified copy back to the disk. I’m calling this “Part 1” because I’m still stuck at this and plan to get back on my research. Anyways, it will be a short post, just to share where I was at that time. using System; using System.Runtime.InteropServices; using Microsoft.Win32.SafeHandles; using System.IO; namespace MBR { class MainClass {[DllImport("Kernel32.

A Steganographic .NET Executable

3 minute read Published:

A simple introduction to steganography with .NET
A while ago, alcopaul suggested a .NET executable that could store a secret message inside. While I did not follow his strict theory, I did write a working proof of concept, very basic and dirty but, well, it’s only a POC. Here we go (dirty code, do not judge me): Our includes for this application. using System; using System.Reflection; using System.IO; using System.Windows.Forms; using System.Security.Cryptography; I’ll now show you the methods I’m using here.