All Posts

Overview

Just a quick blog post to provide research for a HijackLibs submission. The software J River Media Center, which can be downloaded from here contains an executable (JRService.exe) that is …

This blog post doesn’t contain any cutting edge exploitation or custom security tooling, but it contains some things that I didn’t know previously and know now, and my hope is that it …

TL;DR I dive into an SEO poisoning campaign delivering the Bumblebee loader, analyse a trojanised MSI pretending to be NirSoft software, and explore DLL sideloading in depth — including a hands-on …

There’s been an apparent resurgence of fake CAPTCHA style malware delivery in the recent months. This is a fairly clever way of having a user unknowingly executable malicious code. In this post, …

Sandbox Surfing

It’s been a while since I’ve done one of these, but I had some time and thought I’d do quick analysis of whatever random file I found on public submissions of …

Bitter (APT)

Saw a tweet with a .chm file showing 0 detections on VT and decided to check it out. TL;DR - I learned that the malware does nothing additional that the tweet didn’t already show, …

Strela Stealer

I decided to grab a random malware sample from any.run and have a bit of a poke around. The file I chose from public submissions has the following details:

• MD5: …

Introduction

SpookyLicense is an “easy” reverse engineering challenge offered by HackTheBox, with “easy” in quotes as this one took me a considerable amount of effort. I am fairly new to reversing …

Introduction

This was the final Forensics category challenge in HackTheBox’s recent CTF, Cyber Apocalypse — The Cursed Mission.
My notes won’t be super detailed here as I didn’t do a …