Malware.

Jul 4, 2020

Mapping the connections inside Russia’s APT Ecosystem

Research mapping the connections between Russian APT groups including Turla, Sofacy, and APT29. Analysis of shared code, infrastructure, and organizational ties.

Jul 4, 2020

Deobfuscating APT32 Flow Graphs with Cutter and Radare2

Deobfuscating APT32 (Ocean Lotus) control flow graphs using Cutter and radare2. Techniques for removing junk code and simplifying obfuscated binaries.

Jul 4, 2020

The Evolution of BackSwap

Analysis of the BackSwap banking trojan and its innovative techniques for stealing money through browser manipulation while evading detection.

Jun 18, 2018

Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 2

Continued analysis of APT33’s Dropshot malware. Automating string decryption with r2pipe, resource extraction, and completing the malware analysis with Cutter.

May 21, 2018

Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 1

Analyzing APT33’s Dropshot (StoneDrill) malware using Cutter and radare2. String decryption, function analysis, and Jupyter integration for malware research.