Tony Lambert
An educator that does security things
Archives
2023
2023-01-23  BATLoader, Ursnif, and Redline, oh my!
2023-01-07  .NET Downloader Leading to OriginLogger

2022
2022-10-22  Malware Weight Loss the Fast Way with Foremost
2022-10-15  Bad Guys Hate This Trick for Malware Weight Loss!
2022-08-07  Analyzing .NET Core Single File Samples (DUCKTAIL Case Study)
2022-05-13  Analyzing a Pirrit adware installer
2022-04-24  Shortcut to Emotet, an odd TTP change
2022-04-16  Snip3 Crypter used with DCRat via VBScript
2022-03-26  An AgentTesla Sample Using VBA Macros and Certutil
2022-03-25  Formbook Distributed Via VBScript, PowerShell, and C# Code
2022-03-04  Aggah PPAM macros renaming MSHTA
2022-02-12  Analyzing a Stealer MSI using msitools
2022-02-11  XLoader/Formbook Distributed by Encrypted VelvetSweatshop Spreadsheets
2022-02-06  AgentTesla From RTF Exploitation to .NET Tradecraft
2022-02-03  njRAT Installed from a MSI
2022-02-02  STRRAT Attached to a MSI File
2022-01-27  GuLoader Executing Shellcode Using Callback Functions
2022-01-23  HCrypt Injecting BitRAT using PowerShell, HTAs, and .NET
2022-01-22  BazarISO Analysis - Loading with Advpack.dll
2022-01-18  Extracting Payloads from Excel-DNA XLL Add-Ins
2022-01-17  Emotet's Excel 4.0 Macros Dropping DLLs
2022-01-16  Analyzing a CACTUSTORCH HTA Leading to Cobalt Strike
2022-01-09  Inspecting a PowerShell Cobalt Strike Beacon
2022-01-07  Looking at PowerPoint Macros with Olevba
2022-01-06  Decoding an Encoded Webshell Using NodeJS
2022-01-05  Adventures in YARA Hashing and Entropy
2022-01-04  Extracting Indicators from a Packed Mirai Sample
2022-01-03  A Tale of Two Dropper Scripts for Agent Tesla
2022-01-02  Analyzing a Magnitude EK Appx Package Dropping Magniber
2022-01-01  Analyzing an IcedID Loader Document

2021
2021-12-12  Analyzing a Log4Shell log4j Exploit from Muhstik
2021-09-05  Smarter, Not Harder: Getting Malware to Help You Analyze It
2021-09-02  Getting PE Rich Header Hashes with pefile in Python
2021-07-10  Extracting Malicious Payloads from SFX Self-Extracting Installers
2021-02-08  Analyzing an Empire macOS PKG Stager
2021-02-01  How Qbot Uses Esentutl

2020
2020-02-06  Linux EDR Evasion With Meterpreter and LD_PRELOAD
2020-01-13  Exploiting Yum and DNF Plugins for Persistence
2020-01-09  When Local Password Resets Aren't Local

2019
2019-08-29  Whitelisting LD_PRELOAD for Fun and No Profit
2019-08-28  Adding Process Hiding to Merlin
2019-01-18  Making Meterpreter Look Google Signed

2018
2018-08-26  My SANS DFIR NetWars Experience
Recently Updated
Bad Guys Hate This Trick for Malware Weight Loss!
Formbook Distributed Via VBScript, PowerShell, and C# Code
An AgentTesla Sample Using VBA Macros and Certutil
My SANS DFIR NetWars Experience
Making Meterpreter Look Google Signed
Trending Tags
malware
powershell
msi
windows
agenttesla
ld_preload
mshta
.net
cobalt-strike
csharp