Recent posts
macOS NimDoor: DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware
DPRK threat actors are utilizing Nim-compiled binaries and multiple attack chains in a campaign targeting Web3 and Cr...
ReaderUpdate Reforged: Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants
ReaderUpdate is a macOS malware loader platform that, despite having been in the wild since at least 2020, has passed...
CVE-2024-34456: Trend Micro Antivirus One Dylib Injection
During a red teaming activity, we gained access to a company MacBook; the Trend Micro Antivirus One software was runn...
Gold Pickaxe iOS Technical Analysis: IPA Overview and C2 Communication Start up
In February 2024 Group-IB wrote a blog post about a mobile Trojan developed by a Chinese-speaking cybercriminal group ...
Atomic macOS Stealer (AMOS) Analysis
Hello everybody, this is my first macOS malware analysis, I took a sample from malwarebazaar and tried to reverse it,...
Rustware Part 3: Dynamic API resolution (Windows)
In the previous blog post we have seen how to perform a shellcode process injection by finding a target process PID u...
Rustware Part 2: Process Enumeration Development (Windows)
In the previous blog post we have seen how to develop a Shellcode Process Injection in Rust; the described Process In...
Rustware Part 1: Shellcode Process Injection Development (Windows)
Malware development is essential when performing activities like Red Teaming, Adversary Emulation and Network Penetra...
QAKBOT BB Configuration and C2 IPs List
On September 30, 2022 a friend of mine received a phishing email pretending to be sent by one of his customers, the e...