Warning: The repository associated with this post contains malicious binaries (core, core_packed, soldier, soldier_packed) for educational purposes. Don't go around toying with them if you don't know what you're doing.

A couple of days ago I came across this post detailing a joint project between Ethan Heilman and Will Cummings discussing Hacking Team's crypter, named 'core-packer'. The crypter's source was leaked online after the Hacking Team compromise of July 2015. As Heilman notes, despite the name, 'core-packer' is a crypter rather than a packer: it doesn't perform compression but instead uses anti-analysis functionality (including encryption) to obfuscate malicious PEs in order to evade anti-virus products. Taking a look at 'core-packer' provides an interesting glimpse at the quality (or lack thereof) of 'government-grade' commercial malware products.
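To make the packer-versus-crypter distinction above measurable, here is a small added example (my own code, not from the post and not from the leaked core-packer source). It runs a packer-style transform (zlib compression) and a crypter-style transform (repeating-key XOR, a toy stand-in for whatever cipher a real crypter stub uses) over a constructed, non-executable PE-like byte string and reports size and Shannon entropy for each. The sample bytes and the key are assumptions made up for the demonstration.

```python
import math
import zlib
from collections import Counter

# Constructed stand-in for a PE image: a DOS header stub, a NOP sled and
# zero padding. It is NOT a real executable, just bytes with the low
# entropy and high redundancy that unpacked code sections typically have.
SAMPLE_PE = (
    b"MZ" + b"\x00" * 62
    + b"This program cannot be run in DOS mode.\r\n$"
    + b"\x90" * 512
    + b"\x00" * 2048
)

# Hypothetical 16-byte key for the toy crypter below (not core-packer's).
KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 8.0 is the maximum (uniformly random bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pack(payload: bytes) -> bytes:
    """Packer behaviour: compress the image, so the output shrinks."""
    return zlib.compress(payload, 9)


def unpack(blob: bytes) -> bytes:
    """Inverse of pack()."""
    return zlib.decompress(blob)


def crypt(payload: bytes, key: bytes = KEY) -> bytes:
    """Crypter behaviour: encrypt the image without compressing it.

    Repeating-key XOR is a toy stand-in for whatever cipher a real crypter
    stub uses; it is symmetric, so the same call decrypts. Output length
    always equals input length.
    """
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))


def compare(payload: bytes, key: bytes = KEY) -> dict:
    """Size and entropy of the original image, a packed copy and a crypted copy."""
    packed, crypted = pack(payload), crypt(payload, key)
    return {
        "orig_size": len(payload),
        "packed_size": len(packed),
        "crypted_size": len(crypted),
        "orig_entropy": shannon_entropy(payload),
        "packed_entropy": shannon_entropy(packed),
        "crypted_entropy": shannon_entropy(crypted),
    }


if __name__ == "__main__":
    for name, value in compare(SAMPLE_PE).items():
        if isinstance(value, float):
            print(f"{name:16} {value:.2f}")
        else:
            print(f"{name:16} {value}")
```

Size is the property the distinction turns on: the packed copy is smaller than the input, the crypted copy is exactly the same length. Entropy rises in both cases, so a high-entropy section on its own tells you an image has been obfuscated but not whether by compression or by encryption; for that you compare the protected image's size against the original, as you can with the core/core_packed pair in the repository.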