Using Bitwise NOT operations to obfuscate commands in PowerShell

May 24, 2024

Bitwise NOT operations are often used in PowerShell malware samples to obfuscate commands. A bitwise NOT operation flips all the bits in a given byte sequence. There are many ways…
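As an added example (not code from the post itself), the following PowerShell shows the round trip the teaser describes: every byte of a command is flipped with `-bnot`, the flipped bytes are what a dropper would embed as an integer array, and applying the same operation a second time recovers the original text, which is also the analyst's decoding step. The function name `ConvertTo-NotBytes` and the sample command are my own choices, and the integer array at the end is a constructed input rather than one taken from a real sample.

```powershell
# Added example, not the post's own code: NOT-obfuscate a command and reverse it.
# Assumes only Windows PowerShell 5.1 or PowerShell 7; no modules required.

function ConvertTo-NotBytes {
    param([byte[]]$Bytes)
    # -bnot promotes each byte to Int32 (0x57 becomes -88), so mask the result
    # back down to a single byte: 0x57 ('W') -> 0xA8, and 0xA8 -> 0x57 again.
    foreach ($b in $Bytes) { [byte]((-bnot $b) -band 0xFF) }
}

# Constructed plaintext command for this example.
$command = 'Write-Host "hello from a NOT-obfuscated block"'
$plain   = [System.Text.Encoding]::ASCII.GetBytes($command)

# What a dropper typically embeds: the flipped bytes as a literal integer array.
$flipped = [byte[]](ConvertTo-NotBytes $plain)
"Obfuscated: " + ($flipped -join ',')

# Deobfuscation is the same operation applied a second time (NOT is its own inverse).
# A real sample would hand $decoded to Invoke-Expression; here it is only printed.
$decoded = [System.Text.Encoding]::ASCII.GetString([byte[]](ConvertTo-NotBytes $flipped))
"Decoded:    $decoded"

# Analyst shortcut: paste the integer array out of a sample and flip it back.
# (Constructed input: these ten values are the NOT of the ASCII bytes of "Write-Host".)
$fromSample = [byte[]](ConvertTo-NotBytes ([byte[]](168,141,150,139,154,210,183,144,140,139)))
[System.Text.Encoding]::ASCII.GetString($fromSample)
```

Two practical caveats: the mask is required because PowerShell's bitwise operators work on 32- or 64-bit integers, not on bytes, so a naive `-bnot $b` yields negative numbers that `GetString` cannot consume; and the obfuscation only hides the command from a static string search, because once the decoded text is passed to `Invoke-Expression` it becomes a new script block and is recorded in full by script block logging (Event ID 4104).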

Relearning C Part 1 – Windows TCP Server

October 22, 2024

Recently, I was inspired to dive back into C, this time with a Windows focus. I’ve had previous experience with the basics in college, but I spent all that time…

PE Files and How to Create a PowerShell PE File Parser

July 11, 2024

This is taken from my project Invoke-PEAnalysis.
PE File Types
To begin with, Portable Executable (PE) is the name given to executable images developed for the Windows operating system. Most…
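As an added example that is not taken from Invoke-PEAnalysis, the following PowerShell walks the first few structures of a PE image by hand: the DOS header's `MZ` magic and `e_lfanew` field, the `PE\0\0` signature, the `IMAGE_FILE_HEADER` that follows it, and the optional header's `Magic` word that distinguishes PE32 from PE32+. The function name `Get-PEHeaderInfo` is my own, and the trailing call against `notepad.exe` is only a convenient local file to try it on.

```powershell
# Added example, not the project's own parser: read the DOS header, PE signature,
# file header and optional-header magic of a PE file using only [BitConverter].
function Get-PEHeaderInfo {
    param([Parameter(Mandatory)][string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)

    # IMAGE_DOS_HEADER: e_magic 'MZ' at offset 0, e_lfanew (UInt32) at offset 0x3C.
    if ($bytes.Length -lt 0x40 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) {
        throw "$Path : no MZ signature, not a PE file"
    }
    $pe = [long][System.BitConverter]::ToUInt32($bytes, 0x3C)
    # The file is untrusted input: a hostile e_lfanew can point past the end of the file,
    # so bounds-check before indexing (we read up to offset e_lfanew + 26 below).
    if ($pe + 26 -gt $bytes.Length) { throw "$Path : e_lfanew points outside the file" }
    $pe = [int]$pe

    # 'PE\0\0' signature, followed by the 20-byte IMAGE_FILE_HEADER.
    if ($bytes[$pe] -ne 0x50 -or $bytes[$pe + 1] -ne 0x45 -or
        $bytes[$pe + 2] -ne 0 -or $bytes[$pe + 3] -ne 0) {
        throw "$Path : no PE signature at e_lfanew"
    }
    $machine   = [System.BitConverter]::ToUInt16($bytes, $pe + 4)   # Machine
    $sections  = [System.BitConverter]::ToUInt16($bytes, $pe + 6)   # NumberOfSections
    $timestamp = [System.BitConverter]::ToUInt32($bytes, $pe + 8)   # TimeDateStamp
    $chars     = [System.BitConverter]::ToUInt16($bytes, $pe + 22)  # Characteristics
    # First field of IMAGE_OPTIONAL_HEADER: 0x10B = PE32, 0x20B = PE32+ (64-bit).
    $magic     = [System.BitConverter]::ToUInt16($bytes, $pe + 24)

    $machineName = switch ($machine) {
        0x014C  { 'I386' }
        0x8664  { 'AMD64' }
        0xAA64  { 'ARM64' }
        default { '0x{0:X4}' -f $machine }
    }
    $format = switch ($magic) {
        0x10B   { 'PE32' }
        0x20B   { 'PE32+' }
        default { 'unknown (0x{0:X4})' -f $magic }
    }

    [pscustomobject]@{
        Path          = $Path
        Machine       = $machineName
        Format        = $format
        Sections      = $sections
        # Link-time timestamp; reproducible builds store a hash here instead of a date.
        TimeDateStamp = [DateTimeOffset]::FromUnixTimeSeconds($timestamp).UtcDateTime
        IsDll         = [bool]($chars -band 0x2000)   # IMAGE_FILE_DLL
        IsExecutable  = [bool]($chars -band 0x0002)   # IMAGE_FILE_EXECUTABLE_IMAGE
    }
}

Get-PEHeaderInfo -Path "$env:SystemRoot\System32\notepad.exe"
```

The bounds check on `e_lfanew` is the part worth copying into any parser that will be pointed at malware: the field is attacker-controlled, and indexing past the end of the byte array is the most common way a quick script dies on a deliberately malformed sample.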

The Problem with PowerShell Logging Bypasses

June 24, 2024

Before we start talking about logging bypasses and why they generally suck at bypassing logs, I’ll provide a little context on PowerShell logging and ScriptBlocks. PowerShell ScriptBlocks are collections of…

I-S00N leaks

February 19, 2024

Several days ago, a GitHub profile allegedly containing leaked documents on the Chinese government’s cyber offensive capabilities was posted. This repository contains multiple chat logs, call records, various images, and…

The Evolution and Analysis of SolarMarker Project Announcement

February 14, 2024

SolarMarker is one of the more common Infostealers out there. Every analyst is probably tired of seeing users clicking SEO-poisoned links and downloading some variation of Totally-Not-Malware-PDF.exe. Originally observed in…

GuLoader Analysis

December 15, 2023

This week I was browsing MalwareBazaar for interesting samples and came across a GuLoader VBS upload. I’m still pretty new to malware analysis and I haven’t done anything with VBS…

Gravwell search API PowerShell Module

December 7, 2023

This quick and easy PowerShell module was designed to facilitate search queries between a Gravwell search API endpoint and a local client. It supports pre-configured JSON profiles for running repeated…

Playing around with Solarmarker/Jupyter InfoStealer

December 3, 2023

Jupyter InfoStealer is fairly common these days. We certainly see a lot of users downloading it in various forms. It’s typically spread through Search Engine Optimization (SEO) poisoning, convincing users…

Honeypot Statistics Week 2 & 3

December 2, 2023

This is a compilation of the last two weeks of traffic analysis. As always, this is a low-interaction honeypot that deploys FTP, SSH, Telnet, HTTP, HTTPS, IMAP, and VNC honeypots…