Lab notebook
In-depth analyses of malware samples, technique deep-dives, and lab notes from the field. Long-form, technical, no fluff.
3 articles in "Malware Delivery"
How attackers deliver malicious payloads through ordinary-looking HTML files that assemble themselves inside the browser — bypassing every network filter that never gets to see the payload.
Container files like ISO and IMG strip the Mark-of-the-Web from everything inside them when mounted as a drive. How BumbleBee and Emotet exploited this, what Microsoft changed, and how analysts triage containers today.
When Microsoft blocked internet-marked macros in 2022, attackers pivoted to LNK files. The binary structure, embedded command abuse, and the QakBot delivery chain that made LNK the dominant initial access vector of 2023.