Code Reuse Across Packers and DLL Loaders

One of the core tenets of computer science is code reuse.

DotNET Loaders

Many families of remote access trojan (RAT) are .NET executables.

Malware in images: When you can’t see 'the whole picture'

The attack on SolarWinds: Next-level stealth was key

The SunBurst supply chain attack, which was behind the breach of SolarWinds, took sophistication and patience.

Rana Android Malware

Your past catches up, sooner or later...

PoorWeb - Hitching a Ride on Hangul

Tearing Down HWP Files To Expose a Trojan

Taidoor - a truly persistent threat

When malware lasts longer than your washing machine

Excel 4.0 Macros

The Risk of Hidden Threats in Compound Files

Five Uses of YARA

YARA is a useful member of the toolset of researchers, threat hunters, incident responder, and many other defenders.

Hidden Cobra - from a shed skin to the viper’s nest

Enriching public threat intelligence

Retread Ransomware

Identifying Satana to Understand "CoronaVirus"

Spying on SpyNet

Malware is like a constantly evolving open-source project.

Mining for Malicious Ruby Gems

Typosquatting barrage on RubyGems software repository users

Hawkish applications lurking in your MacOS environment

macOS Blog 4 of 5: Catching the Proton Backdoor in your Video

Unpacking the Kwampirs RAT

Exposing Attack Campaigns, Hunting Threats and Delivering Actionable Threat Intelligence