Opinions are my own and not those of my employer.
POSTS
- Deobfuscating JavaScript Malware Using Abstract Syntax Trees
- Turla Backdoor Bypasses ETW, EventLog and AMSI But It’s Buggy
- Emansrepo Infostealer - PyInstaller, Deobfuscation and LLM
- Process Injection in BugSleep Loader
- Taking a Midnight Walk with PEB and Phobos Ransomware
- Fast & Furious Bumblebee Configuration Extraction
- Looking Closer at BPF Bytecode in BPFDoor
- Getting Rusty and Stringy with Luna Ransomware
Sandboxing with ELFEN Series
- Noabot Botnet - Sandboxing with ELFEN and Analysis
- INC Linux Ransomware - Sandboxing with ELFEN and Analysis
TOOLING
- dncil-based Agent Tesla String Deobfuscation
- ELFLepton: Lightweight ELF Parsing and Fixing Tool
- Nighthawk DLL Configuration Extractor