In this short post, we dissect the inner workings of registration-free COM interop and present a known technique that red teamers can abuse to dynamically load .NET assembly logic. Additionally, minor obfuscated variations are presented in hopes of evading existing detection mechanisms. Proof-of-concept code snippets are provided in a variety of scripting languages to demonstrate versatility.
Threat-hunting, malware, ransomware, vulnerability analysis and news from authors of InQuest.
Posted on 2019-05-29 by Amirreza Niakanlahiji
Posted on 2019-04-30 by Amirreza Niakanlahiji
In this article, we analyze a malicious HTA file that we found on VirusTotal. This instance uses a few interesting techniques to evade existing detection mechanisms. We provide an in-depth analysis of the sample and reveal the techniques it uses to stay under the radar. At the time we hunted this instance, only two engines marked it as malicious.
Posted on 2019-03-26 by Adam Musciano
ThreatIngestor helps you collect threat intelligence from public feeds and gives you context on that intelligence so you can research it further and put it to use protecting yourself or your organization. In this post, we walk through the process of building a Twitter bot with it.
Posted on 2019-03-09 by Amirreza Niakanlahiji
In this article, we dissect a sophisticated multi-stage PowerShell script that was found on HybridAnalysis a few days back. The discussion is an in-depth analysis of the various techniques this particular malware instance used to keep itself under the radar. As of writing this article, none of the antivirus engines on VirusTotal detected this sample.