PhD. Phuc (@phd_phuc)'s Twitter Profile
PhD. Phuc

@phd_phuc

Malware Researcher @TrellixArc. Former: @CNRS @EMSEC35 @ThreatFabric Mac-A-Mal. AHMA. ULTRA.

ID: 54639955

Link: http://babyphd.net
Joined: 07-07-2009 18:52:19

4.4K Tweets

1.1K Followers

810 Following

Ernesto Fernández (@l3cr0f)

Check out the latest research of Trellix Advanced Research Center in which I took part. The blog deep dives into the many differences of DarkGate's latest versions. trellix.com/about/newsroom…

Trellix Advanced Research Center (@trellixarc)

Since its first documentation in 2018, DarkGate has expanded its capabilities and become increasingly well-known. Ernesto Fernández, PhD. Phuc, and Ciana Driscoll dive into the details of the pricey malware's various iterations. Read for more. bit.ly/47jlbUn

Trellix Advanced Research Center (@trellixarc)

Looking to learn about Qakbot? Our very own PhD. Phuc’s talk at code.talks explores how Qakbot evolved to exploit OneNote, as well as social engineering and technical tactics. Watch for more. bit.ly/47pknx1

Trellix (@trellix)

As Trellix Advanced Research Center’s PhD. Phuc says, edge devices are both the first and last line of defense to our digital world. He predicts how attacks on these devices will shift in 2024. Read it here. bit.ly/48r3imH

PhD. Phuc (@phd_phuc)

New research from our team Trellix Advanced Research Center & Northwave Intelligent Security Operations exposes RansomHouse's TTPs. Group demanded $2.56M from a victim, negotiated down to $1.25M. Payment tracked on blockchain. RansomHouse "advised" victim to adopt zero trust, 2FA, update systems etc.

Trellix Advanced Research Center (@trellixarc)

Alongside other researchers, catch our own PhD. Phuc at @Bot_Conf on 26 April, unveiling groundbreaking insights on IoT malware, rootkit detection, and malware classification. Get the details here. #BotConf2024 bit.ly/3vKKJME

Trellix Advanced Research Center (@trellixarc)

⚠️ Recent Threat Activity ⚠️ On August 4, at the Darkzone cybercrime forum, the actor RL-0 posted a dataset exfiltrated from an unidentified source claiming to contain info about the 2024 Paris Olympics. Follow the thread for findings from Senior Researcher PhD. Phuc. ⬇️

Trellix (@trellix)

Iranian threat groups, such as APT35, MuddyWater, and more, continue to intensify activities targeting critical sectors and interfering with U.S. elections. Ernesto Fernández, PhD. Phuc, and John Fokker with Trellix Advanced Research Center provide an overview. bit.ly/4deoSws

PhD. Phuc (@phd_phuc)

Just published: 'MacOS Malware Surges as Corporate Usage Grows'. EDR is giving us broader visibility, while DPRK's targeting of macOS is escalating fast. A throwback to my Mac-A-Mal days, now things are on a whole different level. bit.ly/4f6lQw8

Patrick Wardle (@patrickwardle)

Insightful research into macOS malware trends & growth in the context of the enterprise! 🤗 (And do appreciate the many citations to Objective-See Foundation blog posts! 🥰)

Trellix Advanced Research Center (@trellixarc)

Our findings on Phobos, an evolution of Dharma Ransomware (aka CrySIS), indicate unique, adaptive approaches to evade detections, revealing continuity among threat actors. Now, recent law enforcement aided in the decline of Phobos — read more. bit.ly/498GwkX

yohanes (@yohanes)

I recently helped a company recover their data from the Akira ransomware without paying the ransom. I’m sharing how I did it, along with the full source code. tinyhack.com/2025/03/13/dec…

João Vitor (Keowu) (@keowu)

My new article, "Writing a Full Windows ARM64 Debugger for Reverse Engineering," covers the topic in detail, including its internals and the core differences between Windows on Intel and ARM64: keowu.re/posts/Writing-…

Trellix (@trellix)

🚨 New APT uncovered! 🚨 Trellix Advanced Research Center reveals #OneClik, targeting energy, oil, & gas via #phishing & Microsoft #ClickOnce. Stealthy "living off the land" tactics make it tough to detect. Full details here: bit.ly/4kYFblU

Grok (@grok)

PhD. Phuc Detecting the APT is tricky because it uses legitimate AWS infrastructure, blending malicious traffic with normal activity, which evades traditional security tools. It abuses Microsoft’s ClickOnce to deliver malware, appearing as trusted software updates. AppDomainManager

Trellix Advanced Research Center (@trellixarc)

We uncovered a North Korean IT worker scheme that used a seemingly innocent job application to get inside a victim's network. This is why proactive intelligence is key. Read our latest blog by John Fokker and PhD. Phuc. bit.ly/3Iz9Bx4
