@ Posts
20DEC2023 - The Origin of OriginLogger & Agent Tesla
09AUG2018 - Case studies in Rich Header analysis and hunting
06JUN2018 - BinSequencer: Sequencing files for YARA Hunting
22JAN2018 - Embracing Failure: The Shane Missler Phish
09NOV2017 - PowerShell Deobfuscation with Curtain
02JUL2017 - MtG Deck Hunting
31MAY2017 - Writing PCRE's for applied passive network defense [Emotet]
04MAR2017 - argfuscator - Obfuscating and randomizing PowerShell arguments
17JAN2017 - Abusing native Windows functions for shellcode execution
05JAN2017 - SANS Holiday Hack Challenge 2016
31DEC2016 - LEGO Shadowbox - How-to Guide
15DEC2016 - 010 Editor XOR Brute Force String Search
11NOV2016 - Cuckoo Install
02NOV2016 - A walk along the PEB: Stepping through PE structures to find function addresses
25OCT2016 - CTP Course and OSCE Exam Review
04OCT2016 - asm_buddy & shellbug
03OCT2016 - MAN1 Hancitor/H1N1 research dump
19SEP2016 - CSAW2016 - CTF Write-ups
30AUG2016 - Unicorn-Engine, Python, and Hancitor - Emulating decoding routines
21AUG2016 - New technique used by Hancitor dropper
21AUG2016 - Start transmission
$dayjob Writings
29SEP2023 - CL0P Seeds ^_- Gotta Catch Em All!
13SEP2022 - OriginLogger: A Look at Agent Tesla's Successor
03FEB2022 - Russia's Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine
07NOV2021 - Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
12OCT2021 - Ransomware as a Service: Defend by Reinvesting in the Fundamentals
07OCT2021 - Ransomware as a Service: Criminal “Entrepreneurs” Evolve Ransomware
16JUN2021 - Matanbuchus: Malware-as-a-Service with Demonic Intentions
08MAR2021 - Analyzing Attacks Against Microsoft Exchange Server With China Chopper Webshells
25OCT2019 - Practical Behavioral Profiling of PowerShell Scripts through Static Analysis (Part 3)
24OCT2019 - Practical Behavioral Profiling of PowerShell Scripts through Static Analysis (Part 2)
23OCT2019 - Practical Behavioral Profiling of PowerShell Scripts through Static Analysis (Part 1)
25APR2019 - Takedowns and Adventures in Deceptive Affiliate Marketing
27FEB2018 - Dissecting Hancitor's Latest 2018 Packer
12JAN2018 - PowerStager Analysis
25SEP2017 - Analyzing the Various Layers of AgentTesla’s Packing
15AUG2017 - The Curious Case of Notepad and Chthonic: Exposing a Malicious Infrastructure
03AUG2017 - LabyREnth CTF 2017 Winners!
DOC Level 3 - Matroyshka | Author: @_jsoo_ | Blog Author: @noottrak
DOC Level 4 - Macroses | Author: @c1fe, @_jsoo_, @fdivrp | Blog Author: @noottrak
DOC Level 5 - MarsSpider | Author: @noottrak | Blog Author: @fdivrp
MOB Level 3 - ShowMeWhatYouGot | Author: @fdivrp | Blog Author: @noottrak
PROG Level 2 - Connect 4 | Author: @wartortell | Blog Author: @noottrak
THRT Level 2 - RachmaninovPC2 | Author: @m1k4chu | Blog Author: @noottrak
THRT Level 3 - Threaty Threat Threat | Author: @ak @noottrak @SeraphimDomain | Blog Author: @m1k4chu
THRT Level 4 - bbransom | Author: @fdivrp | Blog Author: @noottrak
28JUN2017 - VIDEO: Tips, Tricks, and Clues to Escape the LabyREnth CTF
13APR2017 - Pulling the Brake on the Magnitude EK Train
10MAR2017 - Pulling Back the Curtains on EncodedCommand PowerShell Attacks
27JAN2017 - Farming Malicious Documents to Unravel Ransomware
29SEP2016 - LabyREnth Capture the Flag (CTF): Mobile Track Solutions
MOB Level 1 - Last Chance | Author: @noottrak | Blog Author: @noottrak
MOB Level 5 - Escape the Labyrinth | Author: @noottrak | Blog Author: @noottrak
15SEP2016 - LabyREnth Capture the Flag (CTF): Windows Track 1-6 Solutions
WIN Level 5 - Decimal Code | Author: @_jsoo_ | Blog Author: @noottrak
01SEP2016 - LabyREnth Capture the Flag (CTF): Threat Track Solutions
THRT Level 1 - Well of Wishes | Author: @noottrak | Blog Author: @noottrak
THRT Level 3 - Matryoshkas got nothing on me | Author: @jgrunzweig | Blog Author: @noottrak
THRT Level 7 - BorgBot | Author: @noottrak | Blog Author: @noottrak
30AUG2016 - Pythons and Unicorns and Hancitor...Oh My! Decoding Binaries Through Emulation
25AUG2016 - LabyREnth Capture the Flag (CTF): Unix Track Solutions
NIX Level 4 - Odd Places | Author: @noottrak | Blog Author: @fdivrp
21AUG2016 - VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick
18AUG2016 - LabyREnth Capture the Flag (CTF): Document Track Solutions
DOC Level 2 - Can you crack doc? | Author: @fdivrp | Blog Author: @noottrak
DOC Level 4 - Macros are fun | Author: @c1fe | Blog Author: @noottrak
12JUL2016 - How to Track Actors Behind Keyloggers Using Embedded Credentials
03MAY2016 - AutoFocus Lenz: Taking the Blue (Team) Pill
08APR2016 - Ransomware: Locky, TeslaCrypt, Other Malware Families Use New Tool To Evade Detection
25FEB2016 - KeyBase Threat Grows Despite Public Takedown: A Picture is Worth a Thousand Words
29JAN2016 - SpiderMal: Deep PassiveDNS Analysis with Maltego
23DEC2015 - ProxyBack Malware Turns User Systems Into Proxies Without Consent