Decryption of AsyncRAT config strings with CyberChef

AsyncRAT is an open source remote administration tool written in C#. It is often used by attackers for malicious purposes. It contains obfuscated and AES-encrypted strings in its configuration. In this blog post, I would like to describe my approach to decrypting those strings with CyberChef, leveraging the power of Registers and other CyberChef features.

Log4shell vulnerability in Minecraft

Two years ago, the very famous vulnerability in Log4j (CVE-2021-44228) was present in many products, including the Minecraft game. This blog post introduces a Docker image with a vulnerable version and a PoC for educational purposes. I used it to demonstrate Log4shell exploitation on an older Minecraft server during my lectures.

Malware Analysis Tools, Part 2

In the second part of our overview, we continue with our selection of the most used and most usable malware analysis tools, again choosing only tools that are freely available. This time, we focus on tools for analysing other types of files rather than the native binaries covered in the previous post.

Malware Analysis Tools, Part 1

In this overview we introduce our selection of the most used and most usable malware analysis tools, choosing only tools that are freely available.

REvil Ransomware used in Kaseya

Attackers compromised up to 1500 companies during a massive ransomware attack, now reported as one of the largest cyber attacks ever. Victims were infected with REvil ransomware, which is similar to the DarkSide ransomware recently used in the Colonial Pipeline attack. However, this time the deployed REvil ransomware was more obfuscated than the versions observed at the beginning of 2021. In this article, we discuss the obfuscation techniques used by REvil in the Kaseya incident.