Return of the Phemedrone Stealer - Part Two
Overview In the last blog, I covered a campaign that was being conducted by a cybercriminal using the Phemedrone stealer, which hasn’t been seen in a while. In the last blog, I covered the fake An...
Overview A few days ago, I was scrolling X (formerly Twitter) where I follow other people in the cyber community, and came across a post about a threat actor impersonating the AnyDesk website to s...
Overview AsyncRAT is a remote access trojan (RAT) built to remotely monitor and control other computers through a secure, encrypted connection. The name “AsyncRAT” comes from its core functionalit...
In malware development, payload placement refers to where and how the malicious code (the payload) is embedded or hidden within a system to execute harmful functions without detection. Use cases fo...
With JavaScript being a popular programming language used in many web technologies, it often gets used by threat actors as initial stage payloads. Such scripts could have PowerShell code embedded i...
A Portable Executable (PE) is the file format for executables on Windows. A few examples of PE file extensions are .exe, .dll, .sys, and .scr. In this blog post, I’ll discuss the Windows PE struct...