LATEST POST

DanaBot Banking Trojan — Back from Operation Endgame 09 Dec 2025

DanaBot is a long-running Windows banking trojan that re-emerged in late 2025 with a rebuilt C2 infrastructure and fresh campaigns. This post walks through how it works, how it’s delivered, and how to investigate and ...

PREVIOUS POSTS

Weekly Threat Trends — Week Commencing 1st December 2025 07 Dec 2025

This week is all about early AI-powered malware experiments like PROMPTFLUX, and why solid memory forensics with Volatility is becoming a must-have skill for dealing with shape-shifting loaders and fileless tradecraft.

Windows Endpoint Timeline Forensics — Rebuilding the Story from Artefacts 05 Dec 2025

Good DFIR is really good storytelling backed by artefacts. This post breaks down how to reconstruct a Windows endpoint timeline using Prefetch, Amcache, Shimcache, SRUM, event logs, and more — so you can explain exact...

Mispadu Banking Trojan — Latin America’s Credential Harvester 02 Dec 2025

Mispadu is a Latin American–focused banking trojan that blends phishing, malvertising, and social engineering with a modular stealer and remote control back-end. This deep dive walks through how it spreads, how it ope...

Cloud Forensics — Investigating Incidents in AWS, Azure & GCP 27 Nov 2025

Cloud breaches look chaotic at first: APIs everywhere, short‑lived resources, and logs scattered across regions and services. This post walks through how to think about cloud forensics, what to collect, and how to rec...

DarkGate Malware — Loader, Stealer, and RAT in One 25 Nov 2025

DarkGate has quietly evolved into a mature malware-as-a-service platform: loader, stealer, and full-featured RAT. This deep dive breaks down how it spreads, how it operates, and how to hunt it in your environment.

Weekly Threat Trends — Week Commencing 17 Nov 2025 23 Nov 2025

A deep, narrative-driven exploration of autonomous intrusion ecosystems, self-optimizing phishing kits, reinforcement-learning exfil bots, cloud persistence, and intelligent malware families shaping the week.

Email Forensics — Tracing a Phish End-to-End 20 Nov 2025

Phishing is the initial access vector in most intrusions. This deep guide walks through header analysis, payload extraction, and chain reconstruction so you can follow a phish from delivery to C2.

BlackCat (ALPHV) — Ransomware’s Fall and the Clones That Followed 18 Nov 2025

BlackCat (ALPHV) pushed ransomware evolution: polished extortion flows, strong encryption, and a mature affiliate model. This post dissects its internals, TTPs, detection artefacts, and the wave of copycats that follo...

Weekly Threat Trends — Week Commencing 10 Nov 2025 17 Nov 2025

A story-driven deep dive into this week's evolving cyber landscape — adaptive malware, self-healing botnets, AI weaponization, deepfake-driven deception, and cloud persistence redefining how attackers think.