Remus Stealer: C2 Protocol Analysis, Cryptography, and Detection
Disclaimer: This blog and all associated research are part of my personal independent study. All hardware, software, and infrastructure are personally owned ...
VECT 2.0 Ransomware — Deep Dive Analysis
Interlock Ransomware: Deep Dive into a C-Based FreeBSD Encryptor
Scope: This is Part 1 of the BlackSanta analysis series, focusing exclusively on the DWrite.dll loader component. Part 2 will cover the BlackSanta EDR-kil...
0APT Ransomware: Deep Dive into a Rust-Based Windows Encryptor
Qilin Ransomware (Rust Variant) Analysis
Analysis of GRIDTIDE — a Linux x86-64 backdoor using the Google Sheets API as a bidirectional C2 channel. AES-128-CBC config decryption, OAuth2 JWT Bearer au...
A comprehensive reverse-engineering analysis of Matanbuchus 3.0, covering its multi-layered obfuscation framework, encrypted C2 protocol, command dispatch ar...
Building a dedicated edge ML node for malware research — from unboxing to a working containerized environment on the NVIDIA Jetson Orin Nano.
Verifying that PyTorch, CUDA, and GPU training all work end-to-end inside the Jupyter container on the Jetson Orin Nano.