Blog

2024

• Microsoft Teams + DarkGate Malware = A Match Made In Heaven - Part 1​ - 04-19-2024

  It was quite a mundane Monday, I had just signed off for the day and was looking forward to dinner plans with my family, when a delightful email graced my inbox. It was an alert for some suspicious cscript activity on an endpoint that needed to be investigated. Not good.

• The Case Of The Missing Method​ - 02-01-2024

  Today is a quick and fun one, we are going to look at an unassuming .vbs file titled “Scanned-REF23CR1103BILLED.vbs”. Surely legitimate business, right?

2023

• Fake Software Abusing Real Software For Fun And Profit - Part 2!​ - 09-29-2023

  Picking up where we left off, from Part 1.

• Fake Software Abusing Real Software For Fun And Profit - Part 1!​ - 08-24-2023

  Today I want to look at an interesting infection that abuses legitimate software in an attempt to stay covert and perform malicious activity, unnoticed.

• Google Chrome Update? More Like Infected With Netsupport Rat!​ - 07-31-2023

  Today we received an alert about and endpoint running a suspicious commandline:

• Defeating Obfuscation With Dynamic Analysis And Powershell Logging​ - 06-13-2023

  It all started with ‘Creative Content Production.js’

• Multi-Language Script Execution Leads to Asyncrat​ - 03-17-2023

  Today I was reviewing Crowdstrike High and Critical detections for the entire org.