Bumblebee
TL;DR I dive into an SEO poisoning campaign delivering the Bumblebee loader, analyse a trojanised MSI pretending to be NirSoft software, and explore DLL sideloading in depth — including a hands-on …
There’s been an apparent resurgence of fake CAPTCHA-style malware delivery in recent months. This is a fairly clever way of having a user unknowingly execute malicious code. In this post, …
It’s been a while since I’ve done one of these, but I had some time and thought I’d do a quick analysis of whatever random file I found on public submissions of …
Saw a tweet with a .chm file showing 0 detections on VT and decided to check it out. TL;DR - I learned that the malware does nothing additional that the tweet didn’t already show, …
I decided to grab a random malware sample from any.run and have a bit of a poke around. The file I chose from public submissions has the following details:
SpookyLicense is an “easy” reverse engineering challenge offered by HackTheBox, with “easy” in quotes as this one took me a considerable amount of effort. I am fairly new to reversing …
This was the final Forensics category challenge in HackTheBox’s recent CTF, Cyber Apocalypse — The Cursed Mission.
My notes won’t be super detailed here as I didn’t do a …