This is a collection of our raw research notes. Each post is generated from a Jupyter Notebook that can be found in our GitHub Research repository. Notes may contain errors, spelling mistakes, grammar mistakes, and incorrect code. Please keep in mind these are all rough drafts. Pull requests are welcome!

Notes

• Yara Megaprimer

  What is Yara and how is it used

  Feb 9, 2023

• Rhadamanthys

  What is this thing are we just looking at a downloader

  Jan 19, 2023

• Dumpulator VEH

  A deeper look at the Dumpulator advanced emulation capabilities

  Jan 15, 2023

• Guloader

  A closer look at this infamous loader

  Dec 16, 2022

• Brute Ratel

  Some notes on this dual purpose RAT

  Dec 11, 2022

• Titan Stealer

  Another GO stealer

  Dec 1, 2022

• Laplace Clipper

  Taking a look at this GOLang clipboard stealer

  Nov 27, 2022

• PowerShell Loading Shellcode

  Taking a look at this loader which is probably metasploit lol

  Nov 24, 2022

• Tofsee

  Taking a look at Tofsee

  Nov 20, 2022

• AgentTesla

  Some dot net exploration featuring agenttesla

  Nov 17, 2022

• Amadey Loader

  Analysis of CPP Amadey loader

  Nov 13, 2022

• C++ STL Types

  Taking a closer look at this C++ STL Types

  Nov 6, 2022

• BitRat Exposed

  Taking a closer look at this C++ paster RAT

  Oct 20, 2022

• Threat Intel - Building A Simple Botnet Tracker

  Introduction to threat intel

  Oct 13, 2022

• Icarus Stealer - What is it?

  What is this malware and how does it work

  Oct 9, 2022