Malware Development - Creating a Covert Spyware (Loader & Main Payload) in C
In this post, I’ll walk you through the detailed process of creating a covert spyware program for red teaming purposes. This project evolved from a simple Proof of Concept (PoC) loader to a fully functional payload that could evade detection by Windows Defender and perform real-time data exfiltration, including keylogging and screenshot capturing. This blog post will cover: Building the loader with persistence, VM evasion, and C2 communication. Designing the main payloa


Micropsia: In-Depth Analysis of a Hamas-Linked Cyber Warfare RAT
Introduction Micropsia is a Remote Access Trojan (RAT) attributed to the AridViper threat actor group, which is closely linked to Hamas...


Karkoff: Static & Dynamic Analysis of an Iranian Trojan
Introduction Karkoff RAT is a sophisticated Remote Access Trojan that has recently garnered attention for its stealth and persistence. Believed to originate from the Iranian attack group APT-34, this malware has been employed in targeted cyber espionage campaigns, demonstrating advanced capabilities in evading detection and maintaining long-term access to compromised systems. In this blog post, I explore the inner workings of Karkoff RAT through static and dynamic analysis


Advanced Static Analysis - Reverse Shell
In this post, I will be presenting an advanced static analysis of a reverse shell malware downloaded from the HuskyHacks GitHub page. This...


Basic Static & Dynamic Analysis - SillyPutty
This post will be showing you my analysis of the "Putty.exe" file downloaded from the HuskyHacks GitHub page. This is the information I...


Analyzing A Reverse Shell
In this post, I am going to analyze another RAT downloaded from the HuskyHacks GitHub page. This is the information I have on the file...


Dynamic Analysis - An Unknown RAT
In this post, I am going to analyze a RAT downloaded from the HuskyHacks GitHub page. This is the information I have on the file before...


TryHackMe - MAL: REMnux - The Redux
In this post, we will learn about REMnux, a Linux toolkit for reverse engineering. As this room is based on more advanced subjects, you should first review the last two walkthroughs, Malware Introductory and MAL: Strings. Task 1 1. Introduction In this room, we will be doing the following: Identifying and analyzing malicious payloads of various formats embedded in PDFs, EXE, and Microsoft Office Macros (the most common method that malware developers use to spread malware


TryHackMe - MAL: Strings
This time, we will solve the TryHackMe MAL: Strings room in the Cyber Defense path; this is the third room in the Malware Analysis category. FYI, all the answers in this room will be marked. Task 1 What are "strings"? "strings" is the term given for data handled by an application. In other words, these pieces of data are used to store information ranging from text to numerical values. So why are strings necessary? The room creator explains why saving passwords in clear text is d


TryHackMe - MAL: Malware Introductory Room
In this post, we're going to solve the TryHackMe Malware Introductory room in the Cyber Defense path; this is the second room in the Malware Analysis category. FYI, all the answers in this room will be marked. Task 1 What is the Purpose of Malware Analysis? In the first task, the room creator talks about malware analysis and its purpose, saying that in malware analysis there are 4 important things to consider. 1. Point of Entry 2. Indicator of compromise 3. Ho