MalwareAnalysisForHedgehogs, Principal Malware Researcher at GDATA, he/him 🦔🌈🏳️‍⚧️

Joined May 2014
Pinned Tweet
My intermediate level malware analysis course is there. 60% off for the next two weeks. malwareanalysis-for-hedgehog…

I submitted a new sample to samplepedia.cc: PoisonX rootkit. Video solution follows in the next days. samplepedia.cc/sample/db5d28…
This seems to be a prevalent issue now: People vibe code security applications and the LLM generates real malware for testing. The generated test files rely on real threat actor infrastructure to download or exfiltrate. hxxps://github.com/DataDog/guarddog/blob/main/tests
This one was a similar case x.com/struppigel/status/2021…

Looks like the dev told an LLM to generate test files for a Shai Hulud detection app. The LLM complied and generated malicious test files. github.com/Cobenian/shai-hul…
.@_hwangstice wrote a detailed writeup of how the equation editor exploit CVE-2017-11882 works. hwangstice.github.io/blog/rt…
😂 @rifteyy just pointed me to this gem in the VT comment section for the empty file virustotal.com/gui/file/e3b0…
Karsten Hahn retweeted
Together with @bzvr_, @2igosha and Anton Kargin, we identified that the DAEMON Tools software has been compromised in a complex supply chain attack since April 8. We see thousands of infections across 100 countries. If you use DAEMON Tools, run a malware scan immediately! [1/7]
Karsten Hahn retweeted
Apr 23
Malware delivery site https[:]//www-rarlab[.]com - WinRAR app.any.run/tasks/aabc0c21-3…
New Video: Build your own LLM dynamic analysis lab 🦔🎥 ➡️ AI debugs and unpacks with x64dbg ➡️ AI can access powershell terminal youtube.com/watch?v=QrWzRgPs…
Karsten Hahn retweeted
Mr. Titus Tech is correct. cpuid-dot-com is indeed delivering malware right now. As I began poking this with a stick, I discovered this is not your typical run-of-the-mill malware. This malware is deeply trojanized, distributes from a compromised domain (cpuid-dot-com), performs file masquerading, is multi-staged, operates (almost) entirely in-memory, and uses some interesting methods to evade EDRs and/or AVs, such as proxying NTDLL functionality from a .NET assembly. The C2 domain present in one of the binaries is a clear IoC. This is the same Threat Group who was masquerading FileZilla in early March, 2026. They've been busy.
HWInfo and CPU-Z both compromised. Millions about to be PWNED! CPU Z: hybrid-analysis.com/sample/e… HW Monitor: hybrid-analysis.com/sample/4…
Community note
The post mentions HWInfo, but the link is for HWMonitor. These are different tools from different developers. HWInfo is unaffected. CPU-Z and HWMonitor from cpuid.com are compromised with malware. igorslab.de/en/warning-cpu… reddit.com/r/pcmasterrace… hwinfo.com/forum/threads/…
My colleagues have worked hard on analysing and writing a blog article on Kiss Loader. But on your site you make it look like this was your analysis work. Please fix that, @SOC_Prime The person below did not write the KISS loader article with that title.
Whilst there is a small link to gdata on the top right, there is no indication what that means, and I did not notice that link for the first 20 min. My colleagues are not mentioned anywhere in the text. This is the original: blog.gdatasoftware.com/2026/…
Karsten Hahn retweeted
The recording of my first Binary Cartography webinar is now public: Agentic Reverse Engineering: How AI Agents Are Changing Binary Analysis Topics: keygenning, cracking & anti-tamper removal Recording: youtube.com/watch?v=DZcDaXTv… Slides/code/samples: github.com/mrphrazer/binary-…
My malware analysis courses now have a new certificate design. malwareanalysis-for-hedgehog…
Added a task for the SugarSMP spark stealer sample to samplepedia samplepedia.cc/sample/060ed0…
Karsten Hahn retweeted
Today I’m launching Threat Hunting Labs. Over the years I’ve analyzed many real-world intrusions. One thing became obvious: most training platforms don’t resemble how investigations actually happen. So I built something different. Threat Hunting Labs focuses on investigation-driven learning using real telemetry and structured investigative paths. If you want to get better at investigating breaches, you should practice investigating breaches. More details here: threathuntinglabs.com/blog/i…
Karsten Hahn retweeted
I am genuinely impressed by mainstream media outlets' ability to find absolute nobodies in cybersecurity. It's remarkable. I am often left speechless. There have been dozens of occasions, especially as of recent, where some media outlet will be like, "Today as a special guest is world-renowned cybersecurity expert and ethical hacker Joe McCyberSecurity". I'm like, who the fuck is Joe McCybersecurity? I've been doing cybersecurity and malware stuff for a long time and I've never once seen or heard of Joe McCybersecurity. If he is world-renowned, I would THINK I would have seen them or heard of them. The camera then pans over to Joe McCybersecurity and it is the most generic cookie-cutter white dude in a cheap suit, and the tag below him will say something like, "Joe McCybersecurity, Ethical Hacker, CEO of Cybersecurity McJoe Industries". I'm like, "Cybersecurity McJoe Industries? What the fuck is that?". I look it up and it's a generic WordPress website hosted on GoDaddy with an expired SSL cert. Joe McCybersecurity then babbles incomprehensible nonsense for about 60 seconds until the TV host goes "woaw" and it cuts to a commercial. Absolute cinema.