DLL Sideloading - JRTools.dll
Overview
Just a quick blog post to provide research for a HijackLibs submission. The software J River Media Center, which can be downloaded from here, contains an executable (JRService.exe) that is …
This blog post doesn’t contain any cutting-edge exploitation or custom security tooling, but it contains some things that I didn’t know previously and know now, and my hope is that it …
TL;DR I dive into an SEO poisoning campaign delivering the Bumblebee loader, analyse a trojanised MSI pretending to be NirSoft software, and explore DLL sideloading in depth — including a hands-on …
There’s been an apparent resurgence of fake CAPTCHA style malware delivery in recent months. This is a fairly clever way of having a user unknowingly execute malicious code. In this post, …
It’s been a while since I’ve done one of these, but I had some time and thought I’d do a quick analysis of whatever random file I found on public submissions of …
Saw a tweet with a .chm file showing 0 detections on VT and decided to check it out. TL;DR - I learned that the malware does nothing additional that the tweet didn’t already show, …
I decided to grab a random malware sample from any.run and have a bit of a poke around. The file I chose from public submissions has the following details:
