Malware Analysis Guides

CyberChef Tutorials

Advanced Cyberchef Techniques - Defeating Nanocore Obfuscation With Math and Flow Control

Applying Flow Control and Mathematical operators to deobfuscate a .vbs loader for Nanocore malware.

How To Use CyberChef

Decoding a Cobalt Strike Downloader Script With CyberChef

Decoding a Cobalt Strike script with CyberChef and VsCode.

Malware Analysis Guides

Latrodectus Malware Analysis - Decoding Obfuscated Malware By Removing Junk Comments

Identifying and Removing Obfuscation in a Self-Referencing Latrodectus Loader

Malware Analysis Guides

Advanced CyberChef Techniques For Malware Analysis - Detailed Walkthrough and Examples

Advanced CyberChef techniques using Registers, Regex and Flow Control

Malware Analysis Guides

How to Use Ghidra to Analyse Shellcode and Extract Cobalt Strike Command & Control Servers

Manual analysis of Cobalt Strike Shellcode with Ghidra. Identifying function calls and resolving API hashing.

Malware Analysis Guides

How To Use Ghidra For Malware Analysis - Identifying, Decoding and Fixing Encrypted Strings

Manual identification, decryption and fixing of encrypted strings using Ghidra and x32dbg.

Malware Analysis Guides

How To Use Ghidra For Malware Analysis - Establishing Context on Imported Functions

Leveraging Ghidra to establish context and intent behind imported functions.

Malware Analysis Guides

Ghidra For Malware Analysis - Pivoting from String Cross References

Leveraging Ghidra to establish context and intent behind suspicious strings.

Malware Analysis Guides

Beginner Ghidra Guide - Manual Shellcode Decryption

Manually Reversing a decryption function using Ghidra, ChatGPT and CyberChef.

Malware Analysis Guides

How To Use Garbageman To Extract C2's From Dotnet Malware

Extracting C2 configuration using the Garbageman .NET analysis tool

Ghidra Tutorials

Malware Unpacking With Hardware Breakpoints - Cobalt Strike Shellcode Loader

Unpacking a simple Cobalt Strike loader using Debuggers and Hardware breakpoints.

Malware Analysis Guides

Malware Unpacking With Memory Dumps - Intermediate Methods (Pe-Sieve, Process Hacker, Hxd and Pe-bear)

Demonstrating three additional methods for obtaining unpacked malware samples. Using Process Hacker, Pe-sieve, Hxd and Pe-bear.