https://www.threatcat.ch/blog/ Recent content in Blogs on ThreatCat.ch Blog Hugo -- gohugo.io en-us Thu, 07 Dec 2023 00:00:00 +0000 https://www.threatcat.ch/blog/encryption-as-obfuscation/ Thu, 07 Dec 2023 00:00:00 +0000 https://www.threatcat.ch/blog/encryption-as-obfuscation/ Some time ago, we analyzed a sample with an encrypted payload using an interesting technique. Unfortunately we can’t share the sample, and it isn’t available on Virustotal neither. https://www.threatcat.ch/blog/when-hunters-become-prey/ Thu, 29 Jun 2023 00:00:00 +0000 https://www.threatcat.ch/blog/when-hunters-become-prey/ TL;DR We discovered what we believe is a Client Side Template Injection (CSTI) vulnerability in Nuclei that allows an attacker to crash the scanner (Denial of Service - DoS) and, under certain circumstances, even leak secret keys. https://www.threatcat.ch/blog/fentastic-chessadecimal-encrypgn-solution/ Thu, 27 Apr 2023 00:00:00 +0000 https://www.threatcat.ch/blog/fentastic-chessadecimal-encrypgn-solution/ This blog post shows different ways to solve the Capture the Flag (CTF) challenge posted on April 21, 2023. https://www.threatcat.ch/blog/fentastic-chessadecimal-encrypgn/ Fri, 21 Apr 2023 00:00:00 +0000 https://www.threatcat.ch/blog/fentastic-chessadecimal-encrypgn/ We created a CTF to celebrate the World Chess Championship 2023 between Ian Nepomniachtchi and Ding Liren: https://www.threatcat.ch/blog/undo-dotnet-constant-obfuscation-in-ida-pro/ Thu, 09 Mar 2023 00:00:00 +0000 https://www.threatcat.ch/blog/undo-dotnet-constant-obfuscation-in-ida-pro/ While .NET malware samples are usually easy to decompile using dnspy and similar tools, possibly after an initial unpacking step using dnspy’s debugger or a dedicated unpacker like ConfuserEx, there often remain additional “small” obfuscations of strings or constants.