Mario HenkelSetting up Whonix Gateway in VMWare WorkstationWarning: This scenario is not officially supported by Whonix. Depending on your threat model you might want to reconsider setting this up…Jun 25, 2022Jun 25, 2022
Mario HenkelDissecting Redline Infostealer traffic — a SOAPy endeavourWhat is Redline Info Stealer?Jan 18, 2022Jan 18, 2022
Mario HenkelDecrypting AzoRult traffic for fun and profitThere will be times in your career when you will be presented with a traffic capture and get the task to determine what happened and if any…Feb 6, 2021Feb 6, 2021
Mario HenkelUsing CAPE Sandbox and FOG to analyze malware on physical machinesIf you are working in the field of IT security the concept of sandbox evasion shouldn’t be new to you. If it is, don’t worry - I got you…Oct 15, 20201Oct 15, 20201
Mario HenkelDecrypting NanoCore config and dump all pluginsWhile the original author of NanoCore was arrested back in 2017 and plead guilty, pirated copies of his creation keep floating around the…Sep 10, 2020Sep 10, 2020
Mario HenkelDecrypting AgentTesla strings and configWorking in cyber security is all about being faster than your adversary to limit or prevent damage to the systems and users you are about…Sep 3, 2020Sep 3, 2020
Mario HenkelDecrypt MassLogger 2.4.0.0 configurationThe malware MassLogger has been around for some time and different analysis approaches have been published in the past — for example by…Aug 18, 2020Aug 18, 2020