Recent Posts
Dissecting a Multi-Stage Dropper: From Phishing Lure to Cobalt Strike Beacon
A step-by-step walkthrough of a recent campaign targeting UK financial sector employees, traced from initial macro delivery through to C2 beacon deployment.
GoSkimmer v0.2: Now with YARA Rule Auto-Generation
The latest release adds automatic YARA signature extraction from static binary analysis — here's how it works under the hood and what's next on the roadmap.
Why Most Threat Intelligence Reports Are Useless to Defenders
The gap between vendor TI reports and actionable defender context is enormous. Here's what actually makes intelligence useful, and what to demand from your providers.
LockBit 3.0 Anti-Analysis Techniques: A Deep Dive into Their Evasion Playbook
Covering sandbox detection, debugger tricks, and the clever use of legitimate Windows APIs that makes this variant so difficult to analyse in automated pipelines.