Malware

Building a Simple Trojan with Python: A Step-by-Step Guide

Date: 30/07/2025

In this article, I will explain how to write a basic remote access Trojan using Python, and for increased stealth, we will embed it into a game. Even if you’re not familiar with Python, this will help you better understand how such malware is constructed and give you an opportunity to practice programming.

Read full article →

Defending Windows: DIY Security Without Antivirus Software

Date: 19/07/2025

Author: Nik Zerof

If you want to protect yourself from viruses, you need antivirus software, right? Not necessarily. Antivirus programs have several drawbacks, so if you’re willing to think and act wisely, you can minimize the risk of infection on your own. All it takes is following some digital hygiene practices and making a few important system adjustments. That’s exactly what we’ll discuss.

Read full article →

Dumping at nanolevel. How I reinvented SafetyKatz to dump LSASS with NanoDump

Date: 13/06/2025

Author: snovvcrash

This article discusses the covert use of the NanoDump utility from memory (i.e. the simulated attacker doesn’t have a C&C ‘beacon’ on the attacked network node) and compares such an application of NanoDump with the use of SafetyKatz.

Read full article →

Agent Tesla: Reversing combat malware in Ghidra

Date: 15/05/2025

Author: Nik Zerof

Recently I encountered an interesting piece of malware called Agent Tesla. It’s still widespread and actively used by cybercriminals (the analyzed sample was dated 2023). Let’s dissect this remote access trojan and find out what’s hidden inside it.

Read full article →

Disassembling REvil. The notorious ransomware hides WinAPI calls

Date: 04/08/2020

Author: Nik Zerof

Some unknown hackers have recently attacked Travelex foreign exchange company using REvil ransomware. This trojan employs simple but efficient obfuscation techniques that conceal its WinAPI calls from the victim. Let’s see how the encoder works.

Read full article →

Encoder for Android: сomplete software anatomy

Date: 12/02/2016

Author: Andrei Pakhomov

Until recently, based on the results of surveys and personal experience, I had the impression that users believe that the value of data stored on a device greatly exceeds the cost of the device itself. Why until recently? Well, the current US dollar exchange rate means that I haven’t seen such surveys among new iPhone users :).

Read full article →

Avian influenza. Review of *nix vulnerabilities in 2015

Date: 22/01/2016

Author: Martin Prankevich

According to cvedetails.com, more than 1,305 vulnerabilities have been found in the Linux core since 1999. Sixty-eight of these were in 2015. Most of them don't cause many problems (they are marked as Local and Low), and some may cause problems only if they are attached to certain applications or OS settings. In reality these numbers are not that big, but the core is not the entire OS. There are also vulnerabilities found in GNU Coreutils, Binutils, glibs and, of course, user applications. Let's take a look at the most interesting of the bunch.

Read full article →