SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert SystemPublished: 2017-06-05. Last Updated: 2017-06-05 22:01:23 UTC by Didier Stevens (Version: 1) Malware authors often encode their malicious payload, to avoid detection and make analysis more difficult. I regurlarly see payloads encoded with the XOR function. Often, they will use a sequence of bytes as encoding key. For example, let's take Password as encoding key. Then the first byte of the payload i
