Mario Henkel
Setting up Whonix Gateway in VMWare Workstation
Warning: This scenario is not officially supported by Whonix. Depending on your threat model you might want to reconsider setting this up…
7 min read · Jun 25, 2022

Mario Henkel
Dissecting Redline Infostealer traffic — a SOAPy endeavour
What is Redline Info Stealer?
6 min read · Jan 18, 2022

Mario Henkel
Decrypting AzoRult traffic for fun and profit
There will be times in your career when you will be presented with a traffic capture and get the task to determine what happened and if any…
5 min read · Feb 6, 2021

Mario Henkel
Using CAPE Sandbox and FOG to analyze malware on physical machines
If you are working in the field of IT security the concept of sandbox evasion shouldn’t be new to you. If it is, don’t worry - I got you…
12 min read · Oct 15, 2020

Mario Henkel
Decrypting NanoCore config and dump all plugins
While the original author of NanoCore was arrested back in 2017 and pleaded guilty, pirated copies of his creation keep floating around the…
4 min read · Sep 10, 2020

Mario Henkel
Decrypting AgentTesla strings and config
Working in cyber security is all about being faster than your adversary to limit or prevent damage to the systems and users you are about…
5 min read · Sep 3, 2020

Mario Henkel
Decrypt MassLogger 2.4.0.0 configuration
The malware MassLogger has been around for some time and different analysis approaches have been published in the past — for example by…
3 min read · Aug 18, 2020