My Research and Tools
- Malware Analysis Blog: My main research blog containing malware analysis notes, reverse engineering writeups, IOCs, campaign tracking, and detection ideas.
- GitHub - securitymagic: Repository for YARA rules, malware analysis utilities, decoders, extraction scripts, and related detection content.
- Select blog repostings on Medium: Summarized versions of select blog postings.
- X (formerly Twitter): Posts on X; these sometimes precede the corresponding blog posts.

Selected Malware Analysis Writeups
- Potentially Malicious PDFSupernova Loader: Analysis of a suspicious PDF converter application with loader behavior and Chrome Web Data hijack indicators.
- Suspicious Converter Apps: Obfuscated strings, PowerShell indicators, and loader behavior observed in suspicious converter applications.
- PrimePDFConvert / YAPA Loader: Analysis of a malicious PDF converter application with loader capabilities and YAPA-related behavior.
- SystemShock Loader: Analysis of malicious DLLs loaded from fake meeting software themed lures such as Teams and Google Meet.
- Early TamperedChef Malware Analysis: An early in-depth look at malware linked to weaponized recipe applications, including what appears to be the first known public use of the name "TamperedChef" in relation to malware.
- HydraSeven Malware Analysis: An earlier analysis from 2023 involving suspicious utility-themed applications and custom loader behavior. The samples predate later TamperedChef-related activity by roughly two years, but share notable lure themes involving ZIP, PDF, media, and utility software.

Community Blogs
- Squiblydoo: Malware analysis and security research blog.
- RussianPanda: Malware analysis and threat research blog.
- Noch Lab: Malware analysis and reverse engineering notes.
- Neonprimetime: Malware analysis and security research blog.

Tools and Sandboxes
- CyberChef: A must-have tool for encoding, decoding, deobfuscation, data transformations, and quick analysis workflows.
- VirusTotal: A common tool for file reputation, sample pivoting, community context, threat intelligence, and infrastructure research.
- ANY.RUN: An interactive malware analysis sandbox useful for observing process behavior, network activity, and execution chains.
- Hybrid Analysis: A sandbox and malware analysis platform focused on static and dynamic analysis.
- Malcat: Binary analysis software for static malware triage and reverse engineering, combining a hex editor, disassembler, and related analysis features in one tool.