![Reversing a NSIS dropper using quick and dirty shellcode emulation](https://malcat.fr/blog/reversing-a-nsis-dropper-using-quick-and-dirty-shellcode-emulation/excel_decoy.jpg)
Reversing a NSIS dropper using quick and dirty shellcode emulation
We will statically unpack and emulate a malicious NSIS installer running multiple shellcodes, up to the final Lokibot password stealer and its configuration.
Read more →
![Exploit, steganography and Delphi: unpacking DBatLoader](https://malcat.fr/blog/exploit-steganography-and-delphi-unpacking-dbatloader/bbtrex.png)
Exploit, steganography and Delphi: unpacking DBatLoader
We will unroll a maldoc spam exploiting CVE-2018-0798 leading to a multi-staged Delphi dropper abusing steganography and cloud services to conceal its payload
Read more →