Posts

Showing posts from May, 2025

Static Analysis of Turla’s Uroboros: Revealing Core Tactics and Technical Mindset

Though over a decade old, Uroboros reflects a level of technical mastery and creative mindset that still challenges analysts today.

"To understand the immeasurable, the mind must be extraordinarily quiet, still." — Jiddu Krishnamurti

By Seeker (李标明), China Independent Malware Analyst & Researcher

Download the Full Report (PDF)

Prologue: The Temple and the Kernel

Recently, I still climbed a mountain and visited the temple again and again. Here, I keep moving to find more. In fact, to be honest, I'm still facing a lot of unknowns to learn, and that means continuing even when I'm confused or overwhelmed. And I like to do internal observation as my daily habit.

Most call it Snake and Uroburos. I notice that Kaspersky used Uroburos or Uroboros in 2014 or 2015, but I like the name "Uroboros." Yeah, they are the same thing.

In this report, the first important thing is to do a simple static analysis and grasp their ...

Uroboros Revisited: Tracing PatchGuard-Evasive Techniques Beyond SSDT Hooking

A status-based anti-analysis case study on NtProtectVirtualMemory interception in x64 Windows

"To understand the immeasurable, the mind must be extraordinarily quiet, still." — Jiddu Krishnamurti

By Seeker (李标明), China Independent Malware Analyst & Researcher

Download the Full Report (PDF)

Poem: It is one way I talk to myself

Paper Boat

Recalling my childhood,
A small paper boat folded on a rainy day,
Sinking as it drifted down the ditch.
From the little wooden door, it floated
Toward the foot of the mountain.
Again and again, I folded those paper boats —
Just I and the boat.

By Seeker (李标明), 2025.4.1

Prologue: The Temple and the Kernel

Recently, I still climbed a mountain and visited the temple again and again, as you know from my last report, the SSDT hooking report mentioned. Here I keep moving to find more. ...