✕

5hBlog

5haring is caring

Dissect Packed Malware 101

Understand how packers compress or encrypt malicious code to conceal its true functionality and bypass detection.

Posted on July 21, 2025

[Read More]
PEBby Injector

How malware can retrieve base address of loaded modules in order to resolve specific functions.

Posted on December 3, 2024

[Read More]
Lotus Blossom Dropper

Code analysis of a dropper developed and deployed during espionage campaigns by Chinese nexus threat group Lotus Blossom.

Posted on July 5, 2024

[Read More]
AMSI bypuss 0x3

This technique permit to achieve another AMSI bypass via hardware breakpoints. How can we detect this kind of technique? keep reading.

Posted on January 3, 2024

[Read More]
PPL process dump

What is it a PP/PPL process, how can we bypass it and how can we detect related bypass attempt pattern? keep reading.

Posted on November 9, 2023

[Read More]

Older Posts