4n6 Lab, Part 1
Forensic investigation of a ransomware incident on a Windows workstation, from initial access via a fake IT support call to full kill chain reconstruction.
#forensics
#incident-response
#ransomware
#windows
#cobalt-strike
Digging into the source code of Shai-Hulud, a self-propagating npm worm built for GitHub Actions and CI/CD environments.
Digging into EtherRAT, a Node.js backdoor found in the wild that stores its C2 address on the Ethereum blockchain.