Posts by Tag

Nothing but dotnet when we shoot

November 20, 2022 4 minute read

Little talk about dotnet and its use in malware

It’s getting hot in here

August 29, 2022 3 minute read

WriteUp of the satan challenge from Barbhack 2022

Tomorrow night ? Honeymoon on Ice(loader) ?

May 14, 2021 3 minute read

Write up about the packer used by multiple threat actors during the past few months

IcedID on my neck I’m the coolest

April 11, 2021 4 minute read

Unpacking IcedID in order to extract the C2 domain name

Nice to meet you, too. My name is Ryuk.

February 27, 2021 6 minute read

A comprehensive Ryuk threat analysis

Pulling the Thread: Pivoting on DPRK IT Worker Infrastructure

April 30, 2026 1 minute read

A simple naming pattern search on DPRK-linked infrastructure — and one domain that kept giving.

Pulling the Thread: Invite Only

April 21, 2026 8 minute read

How a suspicious filename led to 88 phishing domains, a shared hosting cluster, and an operator who probably should have used a different email address.

Fragmentation and Blackout: How War Is Reshaping Iran’s Cyber Operations

April 14, 2026 5 minute read

War is reshaping Iran’s cyber operations. IRGC fragmentation, a near-total internet shutdown, and the loss of senior commanders are creating compounded uncer...

Threat Actors are playing the META

April 7, 2026 3 minute read

Cybercriminals and nation-state actors are converging on the same TTPs—not because they collaborate, but because efficiency is universal. They’re all playing...

Beyond the Wiper — What Unit42’s Iran Analysis Misses

March 19, 2026 5 minute read

Turla, the Snake of Attribution

April 29, 2022 3 minute read

How Turla tries to avoid attribution

Tomorrow night ? Honeymoon on Ice(loader) ?

May 14, 2021 3 minute read

Write up about the packer used by multiple threat actors during the past few months

Your attribution appears to have been applied to your life

April 25, 2021 5 minute read

To what point is attribution useful ?

Nice to meet you, too. My name is Ryuk.

February 27, 2021 6 minute read

A comprehensive Ryuk threat analysis

Pulling the Thread: Invite Only

April 21, 2026 8 minute read

How a suspicious filename led to 88 phishing domains, a shared hosting cluster, and an operator who probably should have used a different email address.

Fragmentation and Blackout: How War Is Reshaping Iran’s Cyber Operations

April 14, 2026 5 minute read

War is reshaping Iran’s cyber operations. IRGC fragmentation, a near-total internet shutdown, and the loss of senior commanders are creating compounded uncer...

Threat Actors are playing the META

April 7, 2026 3 minute read

Cybercriminals and nation-state actors are converging on the same TTPs—not because they collaborate, but because efficiency is universal. They’re all playing...

Beyond the Wiper — What Unit42’s Iran Analysis Misses

March 19, 2026 5 minute read

Nothing but dotnet when we shoot

November 20, 2022 4 minute read

Little talk about dotnet and its use in malware

It’s getting hot in here

August 29, 2022 3 minute read

WriteUp of the satan challenge from Barbhack 2022

SharkyCTF 2020

May 11, 2020 15 minute read

SharkyCTF is a CTF organized during Sat, 09 May 2020 — Sun, 10 May 2020 . I participated with my CTF Team T-Regex and I was able to solve some challenges in ...

Fragmentation and Blackout: How War Is Reshaping Iran’s Cyber Operations

April 14, 2026 5 minute read

War is reshaping Iran’s cyber operations. IRGC fragmentation, a near-total internet shutdown, and the loss of senior commanders are creating compounded uncer...

Beyond the Wiper — What Unit42’s Iran Analysis Misses

March 19, 2026 5 minute read

SharkyCTF 2020

May 11, 2020 15 minute read

SharkyCTF is a CTF organized during Sat, 09 May 2020 — Sun, 10 May 2020 . I participated with my CTF Team T-Regex and I was able to solve some challenges in ...

SharkyCTF 2020

May 11, 2020 15 minute read

SharkyCTF is a CTF organized during Sat, 09 May 2020 — Sun, 10 May 2020 . I participated with my CTF Team T-Regex and I was able to solve some challenges in ...

CruLoader Analysis

April 5, 2021 6 minute read

Analysis of a custom malware loader

Beyond the Wiper — What Unit42’s Iran Analysis Misses

March 19, 2026 5 minute read

Pulling the Thread: Invite Only

April 21, 2026 8 minute read

How a suspicious filename led to 88 phishing domains, a shared hosting cluster, and an operator who probably should have used a different email address.

Pulling the Thread: Invite Only

April 21, 2026 8 minute read

How a suspicious filename led to 88 phishing domains, a shared hosting cluster, and an operator who probably should have used a different email address.

Pulling the Thread: Pivoting on DPRK IT Worker Infrastructure

April 30, 2026 1 minute read

A simple naming pattern search on DPRK-linked infrastructure — and one domain that kept giving.