Showcasing malware analysis techniques on various samples, as well as sharing some more general DFIR tips & tricks to aid in investigations.

The tools I use are all freely available, most of which come pre-installed in the FLARE VM.

All samples are available on VirusTotal / MalwareBazaar.

Posts

• Nov 7, 2024

  Huntress CTF 2024 Writeups

• Mar 26, 2024

  Quasar RAT - PowerShell Deobfuscation - Config Reversing

• Mar 1, 2024

  Deobfuscating A RedLine Stealer Downloader

• Feb 3, 2024

  XWorm - Batch Deobfuscation - .NET Loader

• Jan 8, 2024

  MultiStage ClipBanker - JavaScript to Injection

• Jan 7, 2024

  Agent Tesla Malware Analysis - JavaScript to Telegram C2

• Jan 6, 2024

  All Things Shellcode - Meterpreter, Cobalt Strike

• Jan 5, 2024

  Phishing for InfoStealers - Deobfuscating PowerShell and Reversing a .NET Binary

• Nov 30, 2023

  Overcoming Malware Analysis Evasion - Binary Patching

• Nov 29, 2023

  NJRat Injection From Malicious Document

• Nov 26, 2023

  Trickbot Banking Trojan - Dynamic Analysis

• Nov 25, 2023

  Reversing ASync RAT Downloaders / Configs

subscribe via RSS