ÆTHER Security Lab
ÆTHER Security Lab is all about hardcore hacking and pentesting. This is a place where we share ideas and teach hacking.
I wrote a tips and tricks blog on how to use a .NET 's own code against itself to decode strings in the .
https://www.fortinet.com/blog/threat-research/tips-and-tricks-using-the-net-obfuscator-against-itself
Tips and Tricks: Using the .NET Obfuscator Against Itself | FortiGuard Labs FortiGuard Labs recently analyzed a fake phishing email that drops the Warzone RAT. Read our blog that provides more detail on reverse engineering techniques used during the analysis.…
Rare occasion for me to use that I am from Hungary. But in this case a threat actor was using fake Hungarian government emails to drop Warzone RAT. So I wrote about it. It contained an interesting chain of obfuscated .NET binaries ending in the Warzone sample. Check it out:
Fake Hungarian Government Email Drops Warzone RAT | FortiGuard Labs FortiGuard Labs recently discovered an email pretending to come from the Hungarian government with a malicious attachment, which is a zipped executable that, upon execution, extracts the Warzone RA…