0x0vid
Malware Analysis: Trickbot, Part 3 — Network Collector DLL
Concluding our series on Trickbot, we will be taking a look at one of the modules used by the malware for network and AD enumeration.
Jul 6

0x0vid
Malware Analysis: Trickbot, Part 2 — Agent
Malware analysis of the Trickbot agent and persistence mechanism.
Jul 2

0x0vid
Malware Analysis: Trickbot, Part 1 — Droppers
Malware analysis of phishing emails used by the Trickbot malware and subsequent droppers and their execution.
Jul 1

0x0vid
Re-creating the Snake Malware Part 006: The Queue File — Implementing a Virtual File System (VFS)
Obligatory disclaimer: All of the information presented here is for research purposes and should only be used in a legitimate and legal…
May 8

0x0vid
Re-creating the Snake Rootkit Part 005: Hiding Scheduled Tasks
Obligatory disclaimer: All of the information presented here is for research purposes and should only be used in a legitimate and legal…
May 3

0x0vid
How to Build Your Own Custom C2 Framework
Obligatory disclaimer: All of the information presented here is for research purposes and should only be used in a legitimate and legal…
Mar 28

0x0vid
Re-creating the Snake Rootkit Part 004: KAPC Injection and Windows API Hooking to Hide Processes
Obligatory disclaimer: All of the information presented here is for research purposes and should only be used in a legitimate and legal…
Feb 9

0x0vid
Re-creating the Snake Rootkit Part 003: Implementing Covert Communication Using The Windows…
Obligatory disclaimer: All of the information presented here is for research purposes and should only be used in a legitimate and legal…
Jan 10

0x0vid
Re-creating the Snake Malware Part 002: Starting on the Kernel Driver — PoC
Obligatory disclaimer: all of the information presented here is for research purposes and should only be used in a legitimate and legal…
Jan 8

0x0vid
Re-creating the Snake Malware Part 001, Or: How I Learned to stop worrying and Love Adversary…
This post is the first in a series where we will be exploring how we can use existing threat intelligence reporting to get inspiration for…
Jan 5