In this blog post series about analysis and obfuscation, I decided to start with one of the most common techniques: Flattening.

Control-flow flattening is one of the many obfuscation and anti-analysis techniques used by both legitimate software and malware. …


The first time I heard about SunCrypt I was just enjoying my time off, preparing some stuff to get dinner ready. My colleagues sent me over some weird samples flagged as SunCrypt that were also beaconing to Maze C2 infrastructure; however, they weren’t Maze, although they shared some similarities…


For a long time, since WannaCry, the world has been hearing the word ransomware a lot, and still today many hosts, for different reasons, are compromised by or still carry remnants of very old ransomware infections such as CryptoWall, WannaCry, Petya and even HiddenTear variants. …


More ransomware analysis! Many companies and institutions are experiencing a strong season of ransomware attacks carried out by different threat actors who, after the intrusion, use ransomware to obtain direct income from the victims (RaaS model). Among these new ransomware families I decided to pick Mespinoza, aka Pysa, ransomware.

Mespinoza, also known as Pysa…


deathransom ransomware header

One of the things I enjoy in my free time is malware analysis and tracking, so I decided to push out some work from time to time and publish some of my findings on the blog.

I particularly enjoy tracking trojans, infostealers and ransomware for different reasons, among them, the fact…


I wanted to put emphasis on Metasploit since it is widely used and known by penetration testers and Red Teamers, but also used by many threat actors, including FIN groups. Sometimes I have the feeling that people can underestimate the use of this framework, but please, just don’t.

Following the topic about…


When working on network traffic analysis, responders need to quickly identify the severity and depth of the incident once it has been determined that something is going on on a certain host. …


There are a lot of stories nowadays about breaches, intrusions and events around the world.


In this story, I’ve decided to talk a little bit about this cool mixture that almost everyone in infosec loves: red team + blue team.

For this particular case, I wanted to go beyond the words and start talking about more real scenarios for penetration testing, and then this…


Amazon Web Services is a well-known IaaS (Infrastructure as a Service) cloud platform for deploying services like virtual machines, storage services and networks to extend a private cloud, for example an enterprise’s datacenter, plus a ton of really cool services that are easy to use and quick to deploy…

Sapphire

Kimchi and Ransomware. Incident Responder and sort of malware analyst in my free time. Personal blog, opinions are my own.
