analysis
Deep dives into malware, phishing campaigns, and attacker tradecraft.
Focused on how things behave at runtime and what defenders can actually detect.
Analyzing A Recent Agent Tesla Sample
Breaking down a January 2026 Agent Tesla sample that hides its payload until runtime. Covers credential harvesting across 15+ applications, Startup folder persistence, and FTP exfiltration to attacker infrastructure. Includes ready-to-use KQL queries for hunting.
1/31/2026
Windows Loader/Stager Crash Case
Dynamic analysis of a Windows executable that performed environment checks, re-executed under a new parent, and triggered a CRITICAL_PROCESS_DIED bugcheck without observed payload delivery.
1/27/2026
Lumma Stealer HTA Loader Analysis
Static analysis of a Lumma Stealer HTA loader that self-reads, decodes embedded hex payload data, and executes it via eval.
1/12/2026