Pinned | Published in m4n0w4r | TrickBot … many tricks | As part of my work at VinCSS, I wrote a detailed analysis about TrickBot. | Oct 28, 2021
Pinned | Bruce Dang … | On the occasion of Vietnam Information Security Day 2017, held this past December 1, I had the chance to meet and talk in person with Bruce Dang… | Dec 2, 2017
Pinned | Published in tradahacking | REVERSING WITH IDA FROM SCRATCH (P35) | Foreword: Humans are higher animals, and also full of compassion. I don't want someone to one day comment on my blog to ask… | May 21, 2021
Published in m4n0w4r | [QuickNote] The Xworm malware is being spread through a phishing email | When a standard user clicks on the link provided, the browser will automatically initiate a download of the file Itinerary.doc _.zip,.. | Sep 12, 2024
Published in m4n0w4r | [QuickNote] Retrieve unknown python stealer from PyInstaller | During my participation in a Discord community, I noticed a member made the following offer of assistance | Aug 10, 2024
Published in m4n0w4r | [QuickNote] DarkGate — Make AutoIt Great Again | In the first quarter of 2024, @AvastThreatLabs observed a DarkGate campaign distributed via malicious PDF files… | Jun 6, 2024
Published in m4n0w4r | [QuickNote] Qakbot 5.0 — Decrypt strings and configuration | In this new sample, the threat actor has updated Qakbot’s codebase to support 64-bit versions of Windows. | Apr 24, 2024
Published in m4n0w4r | [QuickNote] Phishing email distributes WarZone RAT via DBatLoader | Below is an illustrated and summarized way of how WarZone RAT sample infects the victim system via DBatLoader | Apr 9, 2024
Published in m4n0w4r | [QuickNote] Technical Analysis of recent Pikabot Core Module | 1. Overview | Jan 6, 2024
Published in m4n0w4r | [Case study] Decrypt strings using Dumpulator | I received a suspicious Dll that needs to be analyzed. This Dll is packed. After unpacking it and throwing the Dll into IDA, IDA… | May 22, 2023