Max 'Libra' Kersten (@Libranalysis)'s Twitter Profile
Max 'Libra' Kersten

@Libranalysis

Malware analyst and reverse engineer, author of the Binary Analysis Course. DMs are always open. Opinions are my own and not the views of my employer.

ID:1014590600652447744

https://maxkersten.nl · 04-07-2018 19:23:44

624 Tweets

3,1K Followers

350 Following


My DotNet Analysis Workshop at Botconf yesterday went great! Attendees were really interested, and made it an interactive experience all around! I want to thank Trellix for supporting this and allowing me to work on this!


The actor behind the Kuiper ransomware tried to sell their source code on XSS, and subsequently got banned for breaking the rules. To provide proof of their ransomware's capabilities, they linked to the blog I wrote for Trellix


Gave a Ghidra & Golang reversing workshop earlier this week at De Haagse Hogeschool / THUAS for Trellix. The students were enthusiastic and had plenty of questions. Thoroughly enjoyed it!


The second entry in my Ghidra series provides background information on the recently released BSim feature: maxkersten.nl/2024/03/31/ghi…


Last week, I represented Trellix at Fontys' cyber security minor with my Ghidra 101 workshop! It was an absolute blast, with motivated students all around!


RansomHouse is an active ransomware gang. In my most recent blog for Trellix Advanced Research Center, together with PhD. Phuc and in collaboration with Northwave. Intelligent Security Operations., we wrote about the ransomware spreading tool that's been used, along with a ransomware negotiation: trellix.com/blogs/research…


Based on this, I updated the Trellix Advanced Research Center Ghidra script to locally use this JSON file. Additionally, I wrote a script to query the Malpedia web service via the exposed API, which one can also host locally. The Ghidra scripts can be found here: github.com/advanced-threa…


The most recent Ghidra update by NSA Cyber allows one to use fuzzy function recognition. The documentation along with it is of great use: github.com/NationalSecuri…


The Akira ransomware is actively used. In my most recent blog for Trellix, written with Valthek, we dive into the group's background, victimology, and TTPs: trellix.com/about/newsroom…


Great to see the community share SHAREM, the framework where Dr. Bramwell spoke about at DEFCON, where I also spoke about my Ghidra script addition to the framework: github.com/advanced-threa…
