Malware Analysis: AgentTesla and ZGRat

This post details my analysis of AgentTesla and ZGRat malware samples, examining their behaviour, capabilities, and the indicators of compromise they leave behind.

Overview
The analysis revealed a sophisticated malware operation using both AgentTesla and ZGRat, with data exfiltration capabilities and persistence mechanisms. The malware authors implemented various techniques to evade detection while harvesting sensitive information from infected systems.

Configuration Analysis
The configuration analysis revealed SMTP credentials likely used for exfiltrating data: ...

December 15, 2024

Virus.xcheck: A Tool for Finding Malware Samples

I’ve always found it interesting how the security community shares and analyses malware samples. There’s a great resource called Virus Exchange that serves as a repository for malware researchers and security professionals. However, quickly checking whether multiple file hashes exist in their database wasn’t as straightforward as I wanted it to be.

What is Virus.xcheck?
Virus.xcheck is a Python tool I created that quickly checks if a file hash exists in the Virus Exchange database. ...

December 4, 2024

Pi-hole Wireguard VPN in Azure

This guide outlines the steps for setting up a Pi-hole VPN with Wireguard on an Azure virtual machine (VM). We will cover creating the VM, configuring Wireguard, and installing Pi-hole.

Step 1: Azure VM Setup
Create a New Resource Group
To create a new resource group, run:
az group create --name rg-phwg-vpn --location uksouth

Create a Virtual Machine
Now, create your virtual machine with the following command: ...

November 19, 2024

Building a Blog with Azure and Hugo

I recently set up this blog using Hugo and Azure Static Web Apps, and I wanted to share the process. This approach provides a fast, secure, and cost-effective (free!) way to run a technical blog. Here’s how I did it from scratch.

Why This Stack?
Hugo: Really fast static site generator with great Markdown support and documentation on how to integrate with Azure Static Web Apps
PaperMod theme: Clean design with dark mode, code highlighting, etc.
Azure Static Web Apps: Free tier available, easy deployment, and global CDN

Prerequisites
Git
Azure account

Step 1: Install Hugo
First, let’s get Hugo installed. ...

November 3, 2024

Welcome to my blog

Welcome
Hello and welcome to my blog! I’m Lewis. I work in security operations, incident response, and other general research at Microsoft, and I’m based in the UK. Outside of work, I often climb boulders and usually get chalk everywhere, stay active in the gym, badly play golf, and rotate between two or three additional hobbies which I can’t seem to commit to.

What to Expect
This blog will range between topics: ...

November 2, 2024