Articles.

Jul 4, 2020

Mapping the connections inside Russia’s APT Ecosystem

Research mapping the connections between Russian APT groups including Turla, Sofacy, and APT29. Analysis of shared code, infrastructure, and organizational ties.

Jul 4, 2020

Deobfuscating APT32 Flow Graphs with Cutter and Radare2

Deobfuscating APT32 (Ocean Lotus) control flow graphs using Cutter and radare2. Techniques for removing junk code and simplifying obfuscated binaries.

Jul 4, 2020

The Evolution of BackSwap

Analysis of the BackSwap banking trojan and its innovative techniques for stealing money through browser manipulation while evading detection.

Jun 18, 2018

Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 2

Continued analysis of APT33’s Dropshot malware. Automating string decryption with r2pipe, resource extraction, and completing the malware analysis with Cutter.

May 21, 2018

Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 1

Analyzing APT33’s Dropshot (StoneDrill) malware using Cutter and radare2. String decryption, function analysis, and Jupyter integration for malware research.

Jan 14, 2018

Reversing a Self-Modifying Binary with radare2

Analyzing a packed, self-modifying binary with radare2. Covers UPX-like packers, runtime unpacking, ESIL emulation, and debugging packed executables.

Oct 9, 2017

Reverse engineering a Gameboy ROM with radare2

Reverse engineering a Gameboy ROM using radare2. Analyzing the Z80 architecture, Game Boy memory map, and solving a CTF challenge with r2.

Sep 2, 2017

A journey into Radare 2 – Part 2: Exploitation

Part 2 of the radare2 tutorial series. Covers exploitation, buffer overflows, ROP chains, and writing exploits with radare2.

Mar 27, 2017

A journey into Radare 2 – Part 1: Simple crackme

Step-by-step tutorial for learning radare2 by solving a simple crackme. Covers installation, basic commands, visual mode, analysis, and debugging.