14.01.2018
The Big Zeus Family Similarity Showdown
Dear followers of this blog, I wish you a happy new year! About a month ago, I have launched my latest project: Malpedia ( slides here )....
1 comment:
16.05.2017
Quick analysis write-up on the "link" between Lazarus and WannaCry
Here is a short post on what I found out about the "link" between Lazarus and WannaCry. To me, the function referenced looks a lo...
2 comments:
10.04.2017
ApiScout: Painless Windows API information recovery
After hacking away for some days in the code chamber, I'm finally satisfied with the outcome and happy to announce the release of my n...
1 comment:
05.02.2017
Knowledge Fragment: Hardening Win7 x64 on VirtualBox for Malware Analysis
After some abstinence, I thought it might be a good idea to write something again. The perfect occasion came yesterday when I decided to bui...
12 comments:
18.08.2015
Knowledge Fragment: Fobber Inline String Decryption
In the other blog post on Fobber, I have demonstrated how to batch decrypt function code, which left us with IDA recognizing a fair amount ...
1 comment:
Knowledge Fragment: Unwrapping Fobber
About two weeks ago I came across an interesting sample using an interesting anti-analysis pattern. The anti-analysis technique can be best...
1 comment:
15.04.2015
Knowledge Fragment: Bruteforcing Andromeda Configuration Buffers
This blog post details how the more recent versions of Andromeda store their C&C URLs and RC4 key and how this information can be brutef...