This repo houses a collection of my public reverse engineering and malware analysis write-ups.
I will never claim to be an expert reverse engineer, but I am always willing to share all that I can (that's not under NDA).
Note that some of the older write-ups were written toward the beginning of my analyst career, and there are methods I use within them that are probably not optimal (cough, cough, using psuedorandom numbers as filenames for captured artifacts...), and not the same approach I would use today.
At some point I may have the time to go back and rewrite those segments, but until then, feel free to create an Issue with any feedback or helpful tips on improving the write-ups and I will address the feedback in that Issue and push any updates on a per case basis.
I am always looking for feedback, corrections, tips, and lessons learned, so if you have them, feel free to contact me here, or via Twitter.
- Qrypter Java RAT
- One of the first Java RATs I ever analyzed, originally published in March 2018
- Qealler Java RAT
- Another Java RAT with the added twist of dropping QaZagne: A Python credential stealer based on LaZagne, first published in September 2018
- Includes FileInterceptor.java, a custom Java class which aides in capturing reflected classes from Qealler during analysis