Blog Archive

RATs

• March 2024 - Quasar RAT - PowerShell Deobfuscation - Config Reversing
• February 2024 - XWorm - Batch Deobfuscation - .NET Loader
• November 2023 - NJRat Injection From Malicious Document
• November 2023 - Reversing ASync RAT Downloaders / Configs

Trojans

• November 2023 - Trickbot Banking Trojan - Dynamic Analysis

Analysis-Evasion

• November 2023 - Overcoming Malware Analysis Evasion - Binary Patching

Shellcode

• January 2024 - All Things Shellcode - Meterpreter, Cobalt Strike

InfoStealer

• March 2024 - Deobfuscating A RedLine Stealer Downloader
• January 2024 - Agent Tesla Malware Analysis - JavaScript to Telegram C2

ClipBanker

• January 2024 - MultiStage ClipBanker - JavaScript to Injection

CTF

• June 2025 - Analysing KoiLoader / KoiStealer with WinDbg
• November 2024 - Huntress CTF 2024 Writeups

Other

• June 2025 - Winos 4.0 / Catena Loader