Advanced CyberChef Techniques - Defeating Nanocore Obfuscation With Math and Flow Control
Applying Flow Control and Mathematical operators to deobfuscate a .vbs loader for Nanocore malware.
Decoding a Cobalt Strike script with CyberChef and VS Code.
Tracking APT SideWinder Domains With Regular Expressions, Whois Records and Domain Registrars
Tracking Malware Infrastructure Through Subdomain Analysis
Identifying malicious infrastructure through hardcoded TLS Certificates and Subdomains.
Finding phishing domains with passive DNS tooling and 302 redirects.
Leveraging Passive DNS to identify APT infrastructure. Building on public intelligence reports.
Malware Infrastructure Tracking Using Passive DNS Intelligence.
Identifying and Removing Obfuscation in a Self-Referencing Latrodectus Loader
Advanced CyberChef techniques using Registers, Regex and Flow Control
Identifying malware infrastructure with the FOFA scanner.
Manual analysis of Cobalt Strike Shellcode with Ghidra. Identifying function calls and resolving API hashing.
Malware Analysis Guides
Manual identification, decryption and fixing of encrypted strings using Ghidra and x32dbg.
Threat Intelligence Guides
Catching 83 Qakbot Servers using Regular Expressions.
Threat Intelligence Guides
Creating Regex Signatures on TLS Certificates with Censys.
Malware Analysis Guides
Leveraging Ghidra to establish context and intent behind imported functions.
Threat Intelligence Guides
Refining Queries and Identifying Suspicious servers using Censys.
Malware Analysis Guides
Leveraging Ghidra to establish context and intent behind suspicious strings.
Malware Analysis Guides
Manually Reversing a decryption function using Ghidra, ChatGPT and CyberChef.
Threat Intelligence Guides
More interesting and practical queries for identifying malware infrastructure.
Threat Intelligence Guides
Identifying Malware infrastructure by combining weak pivot points.
Malware Analysis Guides
Extracting C2 configuration using the Garbageman .NET analysis tool
Threat Intelligence Guides
Identifying Simple pivot points in RisePro Stealer Infrastructure using Censys.
Ghidra Tutorials
Unpacking a simple Cobalt Strike loader using Debuggers and Hardware breakpoints.