The Invisible Link: Inside the PE Header's Connection to PDBs
Have you ever loaded an executable into WinDbg or Visual Studio and watched as it instantly found the matching symbols? It lights up the call stack with function names and snaps right to the source code line. It feels seamless, but underneath that convenience lies a rigid, decades-old structure embedded in every Windows EXE and DLL. The binary itself holds the map to its own debugging information. Whether you are into reverse engineering, malware analysis, or just optimizing
Josh Stroschein
Nov 23, 2025 · 5 min read


Analyzing Shellcode with SCLauncher
Analyzing and debugging shellcode is a common task when performing malware analysis, exploit development and reverse engineering....
Josh Stroschein
Mar 18, 2024 · 4 min read


Customizing FakeNet-NG's Default Web Root
This article delves into tailoring FakeNet-NG's default web root, empowering you to craft a more precise and controlled environment for...
Josh Stroschein
Mar 4, 2024 · 2 min read


Identifying UserForms with Oledump and Olevba
Malware authors often find creative ways to obfuscate and store their data, and malicious Office documents are no exception. One such...
Josh Stroschein
Feb 27, 2024 · 2 min read





