Tagged articles
Black & White Path
May 1, 2026 · Information Security

Rare‑Earth Bait: Technical Analysis of a Shellcode Loader

The 2025 Malware Hunter sample disguises a password‑protected PDF about rare‑earth governance as bait, then uses SecurityKey.exe to display the password, allocate RWX memory, run a PEB‑traversing, API‑hashing downloader shellcode, impersonate a REIA domain, and finally execute the payload via Windows fibers, with detailed detection recommendations provided.

Tags: FNV-1a hash, Information Security, fiber execution
13 min read
MaGe Linux Operations
Aug 19, 2017 · Information Security

How XShell Became a Backdoor: Deep Dive into Its Malicious Shellcode

Tencent Security Lab dissected the compromised XShell remote terminal, revealing a three‑stage malicious process where patched binaries load encrypted shellcode, exfiltrate system information via dynamically generated DGA domains, and ultimately deploy a svchost‑based payload, with detailed IOC listings and remediation advice.

Tags: DGA, Information Security, IoC
7 min read
ITPUB
Nov 1, 2016 · Information Security

How Linux Buffer Overflows Work and How to Defend Against Them

This article explains the mechanics of Linux buffer‑overflow attacks with concrete C and assembly examples, shows how to craft and execute shellcode, and demonstrates practical mitigation techniques such as using Libsafe with LD_PRELOAD to protect vulnerable programs.

Tags: LD_PRELOAD, Libsafe, Linux security
23 min read