I’ve been so busy at work that I haven’t had time to make a post in a while! Luckily I have been able to a contribute to a couple posts since joining SentinelOne. I also created a Sunburst assessment tool, which can be found here. Hope you enjoy!
Evolution of Excel 4.0 Macro Weaponization
Here is a blogpost covering the findings of research I performed at work related to how Excel 4.0 Macros have evolved this year.
IQY + Paradise Ransomware
Here is a blogpost I created at work regarding a campaign leveraging IQY attachments for the delivery of Paradise Ransomware.
XLS -> VBS -> .NET
I found a pretty cool sample while reviewing recent trends in XLS malware. The XLS contains a small piece of macro code that starts an interesting chain of events. The VBA macros can be extracted from the XLS with Didier Steven’s oledump, or Decalage’s olevba. Here is the entirety of the VBA code. The code […]
Radare2 Demo – 20 tips
Here is a quick demo to get REs/Malware Analysts started with what I think is the most underrated disassembler out right now. Get it here: https://rada.re/n/radare2.html Let’s dig into some code. 1 – Start Radare2 and point it at the sample you are analyzing. 2 – Have Radare2 analyze the sample. The more ‘a’s, the […]