oxygen

This blog presents the analysis of a Smokedham Remote Access Trojan (RAT) sample with a focus on Binary Refinery pipeline construction The malware uses a multi-stage execution chain involving a Python byte-compiled loader, an embedded PowerShell runtime, and a final in-memory .NET implant.

This page contains idekCTF 2025 writeups, covering SOC intern tasking in the misc category.

This page contains WWCTF 2025 writeups, covering Silver Moon in the forensics category.

This page contains L3akCTF 2025 writeups, covering Ghost In The Dark and BOMbardino crocodile challenges in the forensics category.

This page contains Cyber Apocalypse 2025 CTF writeups, covering all challenges in the forensics category.