WannaCry Ransomware: Static Triage, Kill Switch Logic, and MS17-010 Lessons
A real-world malware analysis case study of WannaCry, focusing on its SMBv1 propagation, kill switch behavior, and defensive lessons from the 2017 outbreak.
Deep technical analysis of offensive techniques, defensive countermeasures, and the underlying systems that connect them. All research is published for educational and defensive purposes.
A real-world malware analysis case study of WannaCry, focusing on its SMBv1 propagation, kill switch behavior, and defensive lessons from the 2017 outbreak.
A defender-focused deep dive into Kerberoasting mechanics, detection opportunities, and hardening recommendations for enterprise Active Directory environments.
Analyzing how Windows access tokens enable local privilege escalation through SeImpersonatePrivilege abuse and modern Potato-family exploits.
Practical guide to memory forensics using Volatility 3 plugins to identify process injection, credential artifacts, and attacker tooling in RAM dumps.
A practical framework for writing maintainable YARA rules that minimize false positives while catching real-world malware families.
Systematic approach to identifying and exploiting common Linux privilege escalation vectors including SUID binaries, capabilities, and cron misconfigurations.
Technical analysis of web cache poisoning attacks leveraging unkeyed headers and cache key normalization differences between proxies and origin servers.
A real-world case study of Log4Shell, the Apache Log4j remote code execution vulnerability, with practical guidance for asset discovery, patching, and detection.