Twitter: @embee_research GitHub: embee-research Youtube: EmbeeResearch
Binary Reverse Engineering (Ghidra/Debuggers)
- Ghidra Tips For Beginners
- Manual Analysis and C2 Extraction of Cobalt Strike
- Defeating API Hashing with Conditional Breakpoints
- Golang Analysis - Extracting an Xworm Payload
- Fixing False Entry Points Using Pe-bear
- Resolving Emotet API Hashes
- Developing a Static Decoder For IcedID
- Unpacking Malware Using Hardware Breakpoints
- Identifying Dummy Exports in IcedID
- Using Dumpulator to Decrypt Qakbot Strings - P2
- Decrypting Qakbot Strings With Dumpulator
Detection Engineering (Yara/Sigma)
- Developing Yara Rules Using Encryption
- Brute Ratel - Static Detection Via API Hashes
- Havoc C2 - Static Detection Via Ntdll Hashes
- Basic .NET Detection Using Yara
- Rhadamanthys Detection Via Yara
- Qakbot Detection Via Sigma
- GraceWire Detection Via Yara
- NightHawk C2 Detection Via Yara
- Static Detection of IcedID With Yara
- NetSupport - Process Based Detection
.NET Reverse Engineering + Malware Analysis (Dnspy/Powershell)
- AsyncRAT - Manually Decoding a .NET Loader
- Easy Analysis of .NET Malware
- Decoding AgentTesla Strings Using Powershell - Dynamic Invocation
- Using Process Hacker to Extract .NET Malware
- Bulk String Decryption of .NET Malware Using Powershell
- Using Powershell to Directly Invoke Decryption Code, Bypass Anti-Debug and extract C2 information
- DcRat Custom Decoding Script and Analysis
Script Reverse Engineering (CyberChef/Python)
- Advanced Decoding Using CyberChef
- Python Decoder for Remcos Loader
- Decoding Ursnif Loaders Via CyberChef
- Manual Deobfuscation of Danabot Using CyberChef and Python
- Decoding AsyncRAT Using CyberChef
- Decoding DNS Malware Using CyberChef
- Cleaning Up Scripts Using CyberChef
- Decoding AsyncRAT Loader Via CyberChef
- Decoding Zipped Content with Cyberchef
- Jupyter Decoding Using Cyberchef
- Decoding BazarLoader Using CyberChef
- String Concatenation With CyberChef
- Manual Decoding of Chromeloader Malware using Cyberchef
- Decimal Decoding (Gootloader) Using Cyberchef
- AgentTesla - Manual Key Generation and Decoding With Cyberchef
Red Team / Offensive Techniques
Getting Started
Full Length Blogs
- Cyberchef Advanced Tips - AsyncRAT Loader
- Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection
- Snakes on a Domain: An Analysis of a Python Malware Loader
- Cobalt Strikes Again: An Analysis of Obfuscated Malware