Blog

Articles

Tutorials and notes with Markdown, syntax-highlighted code blocks, and LaTeX math when we need it.

Intercepting Encrypted C2 Traffic with INetSim and REMnux

Ever wonder what malware does behind the scenes when it thinks no one is watching? In this hands-on lab teardown, we analyze a self-deleting malicious payload, work around its use of encrypted network traffic, and trick it into requesting its secondary download stages from fake services we stand up with REMnux and INetSim.

May 17, 2026

Reverse Engineering Malware: Catching 'brbbot' in the Act with x64dbg & CyberChef

Watch over a researcher's shoulder as we dissect the brbbot malware. Learn how to use x64dbg, Process Hacker, and CyberChef to intercept file reads, track API handles, and decode XOR-obfuscated payloads to reveal the malware's evasion tactics.

May 17, 2026

Unmasking Malware Safely: Emulation and Capability Analysis with Speakeasy & Capa

Ever wondered what a malicious payload actually does behind the scenes? In this walkthrough, we dissect a Windows executable named brbbot.exe using a safe Linux environment. By leveraging FireEye’s Speakeasy emulator and Capa, we extract hidden API calls, uncover command-and-control capabilities, and map out the malware's attack strategy—all without putting our own systems at risk.

May 17, 2026

Deconstructing the Blueprint: A Step-by-Step Guide to Dynamic Malware Analysis

Step inside the isolated sandbox. Learn how to securely configure host-only virtual environments, redirect the sample's DNS lookups to your own lab box with FakeDNS, and capture runtime footprints with Process Monitor and Wireshark.

May 17, 2026

Building an Isolated Malware Analysis Lab: Step-by-Step Network Configuration in VMware

Want to dive into malware analysis without risking your primary machine? Discover how to properly configure an isolated, host-only network between Windows and Linux VMs to securely analyze threats and capture live traffic using Wireshark.

May 17, 2026