Writing Malware Traffic Decrypters for ISFB/Ursnif
Daniel Bunce explains how to decrypt traffic between an attacker’s C2 and an endpoint infected with ISFB malware
Read More
Writing Malware Configuration Extractors for ISFB/Ursnif
Daniel Bunce demonstrating automated IOC extraction using a python script and an example of ISFB/Ursnif malware.
Read More
Deep Insight into “FIN7” Malware Chain: From Office Macro Malware to Lightweight JS Loader
Vitali Kremez dissecting the ‘Fin7’ malware chain that leverages malicious MS Office Macros and a JS loader.
Read More
Info Stealers | How Malware Hacks Private User Data
Continuing our free Zero2Hero malware reverse engineering course, Daniel Bunce dives into the details of KPot, Vidar & Raccoon Info Stealers.
Read More
Detecting macOS.GMERA Malware Through Behavioral Inspection
New malware hits macOS with well-worn techniques. Can behavioral detection prevent attacks that evade legacy AV and built-in Apple security?
Read More
Trickbot Update: Brief Analysis of a Recent Trickbot Payload
In many ways, Trickbot parallels the evolution of contemporary threats (such as #Emotet) via its modular and expandable architecture. We took it for a test
Read More
FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals
Vitali Kremez diving into the FIN6 “FrameworkPOS”, targeting payment card data from Point-of-Sale (POS) or eCommerce systems.
Read More
RIG Exploit Kit Chain Internals
Vitali Kremez explaining the RIG Exploit Kit and the infection chain internals that led to the Amadey Stealer and Clipboard Hijacker.
Read More
Gootkit Banking Trojan | Part 3: Retrieving the Final Payload
Gootkit’s final payload contains multiple Node.js scripts. Join Daniel Bunce as he reverse engineers the malware to take a deeper look at what it delivers.
Read More
macOS Incident Response | Part 3: System Manipulation
How can you detect system manipulations by malware, local or remote attackers on macOS? Find out in the final part of our series on macOS Incident Response.
Read More