Research notes on malware analysis, reverse engineering, DFIR and offensive security.https://sealkisnotklaes.fr/enhttps://sealkisnotklaes.fr/articles/web-extension-abusing-chrome/https://sealkisnotklaes.fr/articles/web-extension-abusing-chrome/This article provides a comprehensive analysis of a little-documented threat, which is a Chrome extension distributed by a powershell script. Its objective is not to compromise the workstation, but to monetize user traffic...Mon, 01 Dec 2025 00:00:00 GMThttps://sealkisnotklaes.fr/articles/winapi-hooking-used-by-malware/https://sealkisnotklaes.fr/articles/winapi-hooking-used-by-malware/This article focuses on the study of injection for hooking Windows API functions. We'll explore what hooking is, how it works and how it's implemented...Mon, 09 Sep 2024 00:00:00 GMThttps://sealkisnotklaes.fr/articles/brute-ratel-brc4/https://sealkisnotklaes.fr/articles/brute-ratel-brc4/This article will not be a detailed malware analysis report on the features of Brute Ratel (BRC4), but rather a study focusing on several samples of the same version...Tue, 10 Oct 2023 00:00:00 GMThttps://sealkisnotklaes.fr/articles/technique-API-hashing/https://sealkisnotklaes.fr/articles/technique-API-hashing/In this article we will look at how the API hashing technique works and how to defeat it...Fri, 06 Jan 2023 00:00:00 GMThttps://sealkisnotklaes.fr/articles/analysis-kardon/https://sealkisnotklaes.fr/articles/analysis-kardon/This is my first article on malware analysis. The sample analyzed is Kardon...Mon, 22 Nov 2021 00:00:00 GMT