Overview Recently I’ve been looking to improve my threat actor infrastructure tracking capabilities, and dust off my IOC pivoting skills—given I’ve spent considerable time lately building infrastr...

Overview So, its been a few weeks since I’ve done any analysis given we’ve just come off the christmas break. Before then, I was neck deep into North Korean malware. Coming off the back of Christma...

Overview In the last blog, I covered a campaign that was being conducted by a cybercriminal using the Phenedrome stealer, which hasn’t been seen in a while. In the last blog, I covered the fake An...

Overview A few days ago, I was scrolling X (formally Twitter) where I follow other people in the cyber community, and came across a post about a threat actor impersonating the AnyDesk website to s...

Overview AsyncRAT is a remote access trojan (RAT) built to remotely monitor and control other computers through a secure, encrypted connection. The name “AsyncRAT” comes from its core functionalit...

In malware development, payload placement refers to where and how the malicious code (the payload) is embedded or hidden within a system to execute harmful functions without detection. Use cases fo...

With JavaScript being a popular programming language used in many web technologies, it often gets used by threat actors as initial stage payloads. Such scripts could have Powershell code embedded i...

A Portable Executables (PE) is the file format for executables on Windows. A few examples of PE file extensions are .exe, .dll, .sys, and .scr. In this blog psot, I’ll discuss the Windows PE struct...