malware

The Problem with PowerShell Logging Bypasses

June 24, 2024

Before we start talking about logging bypasses and why they generally suck at bypassing logs, I’ll provide a little context on PowerShell logging and ScriptBlocks. PowerShell ScriptBlocks are collections of…

Using Bitwise NOT operations to obfuscate commands in PowerShell

May 24, 2024

Bitwise NOT commands are often used in PowerShell malware samples to obfuscate commands. A bitwise NOT operation flips all the bits in a given byte sequence. There are many ways…

The Evolution and Analysis of SolarMarker Project Announcement

February 14, 2024

SolarMarker is one of the more common Infostealers out there. Every analyst is probably tired of seeing users clicking SEO-poisoned links and downloading some variation of Totally-Not-Malware-PDF.exe. Originally observed in…

GuLoader Analysis

December 15, 2023

This week I was browsing MalwareBazaar for interesting samples and came across a GuLoader VBS upload. I’m still pretty new to malware analysis and I haven’t done anything with VBS…

Playing around with Solarmarker/Jupyter InfoStealer

December 3, 2023

Jupyter InfoStealer is fairly common these days. We certainly see a lot of users downloading it in various forms. It’s typically spread through Search Engine Optimization (SEO) poisoning, convincing users…