Microsoft Accounts Targeted by Global Brute-Force Campaign
Summary In recent weeks, a targeted brute-force campaign has been attempting to compromise a wide range of Microsoft accounts. This entry dives into my personal experience with this attack and illustrates how accounts with two-factor authentication (2FA) enabled may still be at risk. Saturday Night Surprise On Saturday, March 5th, 2025, a family member notified…
DarkGate Malware: Understanding Delivery and Infection Vectors
Overview In 2018, security researcher Adi Zeligson discovered the DarkGate malware spreading through fake video torrent files. Though weaponization, delivery, and exploitation change frequently, installation has remained largely the same. A Microsoft Software Installer (MSI) file or Visual Basic Script (VBS) will instantiate an AutoIT script and an AutoIT interpreter. The AutoIT script then allocates memory…
VirtualBox VM Memory Dump: Easy Step-by-Step Tutorial
(This walk-through was performed using Windows 10 and Oracle® VM VirtualBox 7.0.18) I recently finished a research project that involved acquiring virtual memory dumps to use with the memory analysis tool Volatility. This prompted me to learn how to perform a memory dump of a VirtualBox VM, which wasn’t as straightforward as I’d hoped.…
Dead In The Water: A Deep Dive Into KillDisk
Overview KillDisk made its entry onto the world stage as a component of the BlackEnergy trojan, most notable for its attacks on the Ukrainian energy sector between 2014 and 2015. What KillDisk lacks in speed it makes up for in effectiveness, earning it a reputation as one of the most destructive wipers in existence. The name…
Advanced Persistent Thievery of APT38
APT38 shows an expert proficiency in technological skills, conducting cross-platform campaigns and crafting malware payloads designed for use in a variety of environments. These efforts are executed in tandem with massive reconnaissance campaigns, suggesting the group has access to a significant amount of human and technological resources.
Cutting Through The Fog Of Cyberwar: A Deep Dive Into TA402
Assigning a national identity to a threat actor is difficult, and for the private security industry, the practice is questionable. This is especially true when forensic evidence is elusive. But there is more to attribution than enabling a proportionate political response. This is likely where the true motives behind any hastily made attribution can be…
Cracking CopperStealer
One of the greatest perks of my current job is the freedom to investigate any security topic of my choosing. This means that falling down the rabbit hole of threat intel is a common occurrence. The LNKR incident was my gateway into digital forensics; however, this has uncovered a connection to another instance of malware…
The LNKR Incident
The LNKR trojan is an infected browser extension that monitors the web pages visited by the user, looking for pages with administrative privileges such as blog sites or web-based virtual learning environments. When a user with admin privileges posts to the page, the extension includes a stored cross-site scripting attack and injects malicious JavaScript…
An Introduction:
When I set out to start this blog I did so at the encouragement of my mentor… It was his advice that I find a greater value in my education beyond my simple learning experience and use this to give back to the industry.
About D33P_DIV3R
As the subtitle states, this blog is about threat analysis, malware research, and penetration testing. It’s also about my journey into the world of cybersecurity and personal growth.