
Malware Analysis and Detect Response



Malware analysis isn't just part of a job, it's a hobby. Like many in the field of DFIR, I find that playing with samples, looking at obfuscation and reverse engineering is fun. Many practitioners feel that sharing with the community is important. I also feel that sharing samples, detection techniques and indicators is an important public service. Hopefully the content on this site is useful to analysts who happen to come upon this page.

What's on this site?

I won't host any samples on this site; I will, however, share indicators and links to public sandbox runs and VirusTotal pages.

On the blog I will attempt to provide some detailed analysis of samples and alert data.

In the Downloads section I will provide some custom decoder scripts for many of the DOSfuscation and PowerShell obfuscation techniques I've observed in Emotet and Trickbot type campaigns.

Watch in the future for some CTF challenges as well.
Malware IOCs, Reversing Posts:

Github Repo: Rules for YARA, SIGMA, and OpenIOC
Jupyter Malware (December 22, 2020)
Jupyter Malware (December 12, 2020)
Emotet Malware (June 22, 2018)
H-Worm (August 19, 2016)