malware-reversing 23
- StudioSecGhost: A Browser-Piggyback hVNC Agent That Skips the Hidden Desktop
- PoolParty in the Wild (2026): Reversing Three Samples and Building Cross-Variant Detection
- GuLoader Through the NSIS Lens: Word-Salad Obfuscation, System.dll Plugin Abuse, and Decoy Padding
- Destover: The Sony-Signed Backdoor That Walked Through The Front Door
- Amadey cred64.dll: Reversing the v5.78 Credential-Stealer Plugin (botnet 54e64e)
- VerShadow / FUD Crypt: A MinGW VERSION.dll Carrier With A Catbox Fallback And A Live Test Payload
- A Gafgyt Variant Branded 'YakuzaBotnet': Walking Through an assailant.x86 ELF
- IRoveroll: A Telegram-Exfiltrating Infostealer Hiding Behind svchost
- Discord RAT 2.0: When Your C2 is a Chat Server
- Pony/Fareit: Inside the Credential Machine That Targeted 60+ FTP Clients
- ZyreC2: The Game-Obsessed Mirai Fork That Left Its Homework Out
- NanoCore RAT v1.2.2.0: Dissecting a Persistent Commercial Trojan
- Dissecting a Chaos/Ares Go Botnet: 12 DDoS Vectors, DNS C2, and 11 Linux Persistence Mechanisms
- Reversing a Custom Cipher to Extract Quasar RAT: From Raw Disassembly to Decrypted C2 Config
- DcRAT in 48KB: Cracking the Config, Mapping the Plugin Loader, and Why the Stub IS the Malware
- Cracking a .NET Crypter to Extract a Weaponized XWorm: Bootkit, Rootkit, and a Zero-Day UAC Bypass
- Backdoor.Win64.Gsb: A Go Implant Hiding Behind Nuclear Reactor Simulations
- njRAT v0.7d 'HacKed' Campaign: Config Extraction, C2 Protocol, and Full Capability Mapping
- Pulsar RAT .NET Reversing: C2 Protocol Recovery, Costura Extraction, and DPAPI Credential Theft Pipeline
- Kaiji-Like Linux ELF Reversing: Persistence, C2 Token Recovery, and Ares Module Mapping
- Mirai-like ELF Reversing, Part I: Stage1 Trust Gate, Command Dispatch, and Killer Loop
- Stage1 (22.exe) Loader Reversing, Part I: Stage Decryption, Evasion, and Attribution
- From log.dll To A Decrypted Chrysalis Main Module