The what

Hello all,

this is a very simple space I am going to use to upload the results of my experiments in the realm of infosec, so that they can be easily shared.

I use the word experiment intentionally: of all the things that intrigue me the most about this sector, the opportunity to just try and see the results is particularly fascinating, be it malware analysis, coding or offsec.

Of course reinventing the wheel has been proved to be illogical, so I write something the moment I am not able to find the exact thing I am looking for online: if I must study it/do it myself, I might as well put it online for everybody to take advantange of the same way I take advantage of others’ work, right? In a way, this is also what motivates me.

I am mainly interested in malware and threat hunting, but also enjoy an occasional CTF.

This is my Twitter: @elioxyz

My work

This is a list of articles and writeup I have uploaded so far:

• Finding IOCs in a malicious Excel VBA mcacro: Loki, 17/07/2020
  

• New Emotet spam campaign (July, 2020): emotet, 19/07/2020
  

• Static code analysis of sLoad ($ver=”2.9.3”): sload, 22/07/2020
  

• Extraction of the Sodinokibi configuration file: sodinokibi, 26/08/2020
  

• Shell Link files 0-interaction exploitability: LNK, 13/11/2020
  

• Ursnif Word macro deobfuscation: ursnif, 06/12/2020
  

• Ursnif: behavioural analysis of the infection process: ursnif2, 15/12/2020

• Scammers scamming scammers, or a different approach to Bitcoin extortion: scam, 31/05/2021

• Ad-hoc malware for NFT artists: NFT, 14/01/2022

# HOWTO:

def try_harder(amount)
	if amount <= enough:
		try_harder(amount+1)
	else:
		try_harder(amount+2)