DLL Injection
DLL (Dynamic Link Library) injection is a technique in which arbitrary code is run from within a legitimate process. This is a very sneaky way to execute malicious code and get around poorly implem...
Exclusive OR (XOR) is one of the most common forms of payload obfuscation via encryption used by malware developers. There are a few reasons for this; one is that it is a native bitwise operation, m...
I was going to make my next blog post about diving into a generic portable executable (PE). I quickly realized that there is a lot to learn. I started with assembly because when disassembling PEs t...
Lately, I’ve been trying to balance the grind of learning assembly with reading up on the latest malware happenings. But, like all good things, they must be done in moderation (I got distracted). Tha...
I was looking for my next journey into malware analysis and decided I wanted to try something a bit more complex. So, I decided to take a look at Quasar RAT. It’s a .NET-based RAT that is a bit mor...
I recently looked into AsyncRAT in another blog post. That one is what I would call a “lite” version of malware analysis. Honestly, it should have been called a fire starter as it lit a fire under ...
I have always been interested in malware analysis and threat intel, but I knew it wasn’t an easy lift especially since I lack the knowledge of the ocean of programming languages that exist. But, I...