RPRudra Ponksheinblog.realrudrap.dev·3d ago · 7 min readThe Attacker's DisciplineThere is a specific kind of cognitive dissonance that comes from reverse engineering a malware sample in one terminal while your own app's backend runs in another. I spent the better part of the last 30
RPRudra Ponksheinblog.realrudrap.dev·Jul 8 · 11 min readI Found the Live C2 Server Controlling Thousands of Infected DevicesIf you've been following along, here's where we are: a spam SMS dropped an APK, the APK was a dropper that XOR-decrypted a multi-DEX container, HMAC-validated it, AES-decrypted it, and loaded the resu20
DPDiego Petitinthedevbox.hashnode.dev·Jul 4 · 12 min readXuperTV (formerly MagisTV): The Largest Residential Proxy Botnet Ever Built - Disguised as an IPTV AppTL;DR: XuperTV, a popular Latin American IPTV app with millions of downloads, contains a hidden P2P proxy network that turns every user's device into a residential relay node. Our analysis confirms th00
RPRudra Ponksheinblog.realrudrap.dev·Jun 24 · 15 min readThe Spam SMS that turned into a rabbit hole⚠ WARNING: If you received a SMS claiming your vehicle has an outstanding RTO challan with a link which downloads an .apk file, do not open it. This is an active malware campaign as of June 2026 imper30
KRKishore Rinkishorecybersec.hashnode.dev·Jun 19 · 4 min readCan AI Replace Cybersecurity ?Introduction: Cybersecurity is not immune from the ever-evolving power of Artificial Intelligence (AI). Today, AI-driven solutions can identify threats with speed, analyze vast amounts at once and aut10
JTJeff Tonginwind010.hashnode.dev·Jun 15 · 8 min readMalware DetectionWhat is YARA? How do we detect if a system is infected? Typically, cybersecurity defenders use YARA rules for malware detection. YARA is the engine that runs these rules. The modern engine is YARA-X w00
JTJeff Tonginwind010.hashnode.dev·Jun 12 · 15 min readMalicious Binary Reverse EngineeringI'm no Low Level (Ed) or John Hammond. I'm at the point where it's a skills issue. I need some guidance. Initially, I tried to get have Claude Codede to analyze the malicious repository with instructi00
JTJeff Tonginwind010.hashnode.dev·Jun 12 · 13 min readDeeper Malware Binary AnalysisWe've setup the docker container with disassemblers like radare2 in the previous post. Separation of Concerns I'm going to use radare2 to slice out by offset/size from the header. We used file and obj00
JTJeff Tonginwind010.hashnode.dev·Jun 11 · 10 min readMalicious Binary Analysis In Malicious IPs and Domain Reconnaissance we trace the endpoints where the suspicious code is coming from. We're going to dive deeper, but I need some protections. The DNS, registry, and endpoint rec00
JTJeff Tonginwind010.hashnode.dev·Jun 10 · 6 min readMalicious Github Repository AnalysisDiscovery I was doing some research on CVE-2026-41940 after catching up on the Security Now podcast and looked for a PoC to better understand the the vulnerability. That's when a simple Google search 10