Saturday, April 25, 2026

Intel x86-64 CPU Internals

My notes on x86-64 CPU internals: execution modes, segmentation, interrupts, system calls, paging, debugging registers, and port I/O.  git...

Thursday, April 2, 2026

Inside MacSync: The Stealer Silently Backdooring Ledger Wallets

This was a collaboration article with Abdelghafour Bouhdyd (@1nt3l_hunt) about a MacSync Stealer campaign. It can be found on his blog...

Tuesday, March 31, 2026

Quirks of an EDR: Usermode

Introduction EDR vendors solve the same problems; they just do it differently. This causes logical pitfalls to occur. This is a work in prog...

Sunday, June 8, 2025

Another example of an Opsec failure in malware C2 Panels

Introduction This is not going to be a long article. I wrote some articles before about blunders in malware infrastructures. Some threat act...

Tuesday, April 15, 2025

Quick LummaC2 discussion (fnv1a instead of murmur2 !?)

Introduction This is by no means a thorough analysis. It's merely a quick discussion and highlight of my findings while working on a ne...

Monday, March 31, 2025

Unpacking and Analyzing Purelog Stealer (ft. a quick trick using Powershell)

Introduction In this blog post, I'll be showcasing via example a useful trick to invoke .NET methods from Powershell and skipping all t...