
Malware Analysis and Detect Response



Malware analysis isn't just part of a job, it's a hobby. Like many in the field of DFIR, I find that playing with samples, looking at obfuscation and reverse engineering is fun. Many practitioners feel that sharing with the community is important. I also feel that sharing samples, detection techniques and indicators is an important public service. Hopefully the content on this site is found to be useful to analysts who happen to come upon this page.

What's on this site?

I won't host any samples on this site. I will, however, share indicators and links to public sandbox runs and VirusTotal pages.

On the blog I will attempt to provide some detailed analysis of samples and alert data.

In the Downloads section I will provide some custom decoder scripts for many of the DOSfuscation and PowerShell obfuscation techniques I've observed from Emotet and Trickbot type campaigns.

Watch in the future for some CTF challenges as well.

Why the imagery on this site?

Simple, I like the representation of "Defense". The St. Benedict medal is known as a "Devil Chaser" and is seen as a defense against evil. Much like guardian angels who defend against evil, I look at Detect/Response analysts in much the same way: we want to defend against evil.