While dealing with the trials and tribulations of life over the last few years, I've found myself returning to Hegel, Lacan, and old ideas I considered before I'd read them. That is, nature and existence being somewhat paradoxical, albeit in a rather ordinary way—a sort of Möbius back-and-forth dictating all things.
Thursday, June 29, 2023
Friday, June 23, 2023
Malicious RTF Detection
I was just looking at Yara rules for RTF and OLE objects and stumbled across this post by Nextron Systems detailing a simple but effective method for detecting potentially malicious RTF documents.
Thursday, June 22, 2023
Agent Tesla Spearphishing
More .NET malware analysis. In this post, we'll be analyzing another spearphishing email, this time masquerading as a mathematics paper exploiting CVE-2017-11882. And we'll generate some Yara rules for detecting it.
Sunday, June 11, 2023
Sysmon Custom Templates for Event Tracing
A few days ago I learned it's possible to modify Windows Sysmon to enable tailored Windows Event Tracing. Of course, this isn't a replacement for a high quality EDR. But