Pulling the Thread: Pivoting on DPRK IT Worker Infrastructure
A simple naming pattern search on DPRK-linked infrastructure — and one domain that kept giving.
Posts by Category
Blog
Pulling the Thread: Invite Only
How a suspicious filename led to 88 phishing domains, a shared hosting cluster, and an operator who probably should have used a different email address.
Fragmentation and Blackout: How War Is Reshaping Iran’s Cyber Operations
War is reshaping Iran’s cyber operations. IRGC fragmentation, a near-total internet shutdown, and the loss of senior commanders are creating compounded uncer...
Threat Actors are playing the META
Cybercriminals and nation-state actors are converging on the same TTPs—not because they collaborate, but because efficiency is universal. They’re all playing...
Nothing but dotnet when we shoot
Little talk about dotnet and its use in malware
Turla, the Snake of Attribution
How Turla tries to avoid attribution
Tomorrow night ? Honeymoon on Ice(loader) ?
Write up about the packer used by multiple threat actors during the past few months
Your attribution appears to have been applied to your life
To what point is attribution useful ?
IcedID on my neck I’m the coolest
Unpacking IcedID in order to extract the C2 domain name
Homograph Attack Using Unicode
How Homograph attacks are done using Unicode
Nice to meet you, too. My name is Ryuk.
A comprehensive Ryuk threat analysis
CTF
It’s getting hot in here
WriteUp of the satan challenge from Barbhack 2022
SharkyCTF 2020
SharkyCTF is a CTF organized during Sat, 09 May 2020 — Sun, 10 May 2020 . I participated with my CTF Team T-Regex and I was able to solve some challenges in ...
MalwareAnalysis
CruLoader Analysis
Analysis of a custom malware loader