Opinions are my own and not of my employer.

POSTS

• Deobfuscating JavaScript Malware Using Abstract Syntax Trees
• Turla Backdoor Bypasses ETW, EventLog and AMSI But It’s Buggy
• Emansrepo Infostealer - PyInstaller, Deobfuscation and LLM
• Process Injection in BugSleep Loader
• Taking a Midnight Walk with PEB and Phobos Ransomware
• Fast & Furious Bumblebee Configuration Extraction
• Looking Closer at BPF Bytecode in BPFDoor
• Getting Rusty and Stringy with Luna Ransomware

GenAI as a Writer

Blog article written by GenAI. Malware analysis, images, content verification by me.

• Detecting KatzStealer: YARA, Snort and Osquery Detections
• Randomized PowerShell and MAFFIA: Process Hollowing via Aspnet_compiler.exe

Sandboxing with ELFEN Series

• Noabot Botnet - Sandboxing with ELFEN and Analysis
• INC Linux Ransomware - Sandboxing with ELFEN and Analysis

TOOLING

• dncil-based Agent Tesla String Deobfuscation
• ELFLepton: Lightweight ELF Parsing and Fixing Tool
• Nighthawk DLL Configuration Extractor

PAPERS

• Unpacking the ELFuck Packer