Recent posts

CVE-2024-34456: Trend Micro Antivirus One Dylib Injection

During a red teaming activity, we gained access to a company MacBook; the Trend Micro Antivirus One software was runn...

6 minute read

Gold Pickaxe iOS Technical Analysis: IPA Overview and C2 Communication Start up

In February 2024 Group-IB wrote a blog post about a mobile Trojan developed by a Chinese-speaking cybercriminal group ...

13 minute read

Atomic macOS Stealer (AMOS) Analysis

Hello everybody, this is my first macOS malware analysis; I took a sample from malwarebazaar and tried to reverse it,...

12 minute read

Rustware Part 3: Dynamic API resolution (Windows)

In the previous blog post we have seen how to perform a shellcode process injection by finding a target process PID u...

12 minute read

Rustware Part 2: Process Enumeration Development (Windows)

In the previous blog post we have seen how to develop a Shellcode Process Injection in Rust; the described Process In...

10 minute read

Rustware Part 1: Shellcode Process Injection Development (Windows)

Malware development is essential when performing activities like Red Teaming, Adversary Emulation and Network Penetra...

12 minute read

QAKBOT BB Configuration and C2 IPs List

On September 30, 2022 a friend of mine received a phishing email pretending to be sent by one of his customers, the e...

4 minute read

Emotet Malicious Excel Analysis

Some time ago a friend of mine sent me a suspicious email containing a zip file with an xls, at the time I didn't focus ...

1 minute read

DVIA v2 iOS URL Runtime Manipulation with Frida

After my previous blog posts about DVIA v2 Anti-Debug and Frida with Swift some guys asked me about the URL Runtime ...

2 minute read

iOS Strings Obfuscation in Swift

Usually when reversing an iOS Application, it’s common to see methods and strings that can help an attacker to figure...

4 minute read