Articles
11 DEC 2021
It's been a while, but I finally got to updating some of the tools I use frequently...
24 MAY 2020
A couple of tools have been updated to make it easier to handle the latest malicious documents...
17 APR 2020
XLM macros have been making a comeback so it's important to be able to analyze them. I wrote a proof of concept tool that provides insight into what it's doing...
1 FEB 2020
The Emotet gang's email lures, which take advantage of current news events, seem to be quite convincing and successful...
12 DEC 2019
I came across this SANS ISC blog article called "Phishing with a self-contained credentials-stealing webpage"...
11 DEC 2019
A security researcher, Mahendra K R, reached out to share a sample with me recently. The researcher was trying...
4 JUL 2019
PSUnveil is a tool you can use to analyze obfuscated PowerShell scripts. Here's a look at the interface...
5 DEC 2018
I updated CMD Watcher to give you more flexibility in capturing scripts from Office maldocs...
25 NOV 2018
In a recent article, I wanted to easily collect malicious scripts dumped from Office...
10 NOV 2018
I've gotten several pieces of good feedback regarding CMD Watcher so I'm releasing a new...
7 NOV 2018
Having spent a good amount of time analyzing a variety of maldocs, I realized that...
2 NOV 2018
Reneo has been updated to version 0.2 and includes many new features...
1 NOV 2018
Malwrologist (@DissectMalware) tweeted about an interesting PowerShell script...
24 JUN 2018
Reneo is a Windows tool to help incident responders, forensics specialists, and...
14 APR 2018
The constant barrage of malicious emails seeping into your users' inboxes appears...
30 MAR 2018
A script was left behind on a compromised machine. This led to the discovery of...
25 FEB 2018
"Sophisticated" in that the spammer obfuscated the mailer script quite well...