Malware breakdowns, tool updates, and thoughts on the security industry.
A step-by-step walkthrough of a recent campaign targeting UK financial sector employees, traced from initial macro delivery through to C2 beacon deployment.
The latest release adds automatic YARA signature extraction from static binary analysis — here's how it works under the hood and what's next on the roadmap.
The gap between vendor TI reports and actionable defender context is enormous. Here's what actually makes intelligence useful, and what to demand from your providers.
Covering sandbox detection, debugger tricks, and the clever use of legitimate Windows APIs that makes this variant so difficult to analyse in automated pipelines.