Graph Api Overwhelm
https://www.alphaf0x.com/posts/graph-api/
Published: November 2, 2025 00:00
Guide to understanding, ingesting, and leveraging Microsoft Graph API Activity logs for security operations and detection engineering.
@irchaos.club@rss-parrot.net
I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline! Brought to you by the RSS Parrot.
---
Latest posts from irchaos.club
Site URL: irchaos.club
Feed URL: irchaos.club/rss.xml
Posts: 13
Followers: 2
Darkgate 3: Return of the Temp
https://irchaos.club/darkgate-3-return-of-the-temp
Published: October 21, 2025 00:00
Analyzing the prolific malware loader that loves AutoIt.
Digging into Windows Defender Detection History (WDDH)
Published: October 18, 2025 00:00
Reverse engineering Windows Defender Detection History (WDDH) files to understand their binary structure and develop a Python parsing tool. Covers methodology from identifying data sources in MsMpEng.exe to creating a standalone CLI parser for DFIR…
Desired State Configurations
https://mashtitle.com/2025/10/13/desired-state-configurations/
Published: October 13, 2025 00:00
Practical tour of DSC v1.1–v3.1: a PowerShell example, Azure Machine Configuration gotchas/deprecations, and a concise feature matrix—plus notes from building a Terraform-provisioned Windows detection lab.
Opened a Can of XWorms
https://grepstrength.dev/opened-a-can-of-xworms-33fde9d2aee6
Published: September 29, 2025 09:05
Persistence Personified
Scavenger Malware Distributed via num2words PyPI Supply Chain Compromise
Published: July 28, 2025 00:00
A brief report on the num2words PyPI supply-chain compromise that distributed Scavenger malware. It details how a malicious update (v0.5.15 and v0.5.16) injected Windows DLL-loading code into __init__.py, executing the Scavenger Loader which connects to…
Install Linters, Get Malware - DevSecOps Speedrun Edition
https://irchaos.club/install-linters-get-malware
Published: July 20, 2025 00:00
How Scavenger rode a compromised npm eslint-config-prettier: loader/stealer internals, anti-analysis + XXTEA C2, Chromium targeting, BeamNG ties, and actionable IOCs (with InvokeRE)
Supper is served
https://irchaos.club/supper-is-served
Published: June 29, 2025 00:00
A deep dive into Supper (Interlock RAT), a fileless Windows backdoor linked to Vice Society, clarifying public report errors and detailing its C2 protocol, encryption, self-deletion, and reverse shell behavior.
Incident Response Checklist
https://mashtitle.com/2025/06/01/incident-response-checklist/
Published: June 1, 2025 00:00
Windows-focused IR checklist mapping key Event IDs to ATT&CK/Kill Chain stages, with GFM checkboxes for triage and a downloadable HTML version—note the latest lives on GitHub.
Analyzing the RedTiger Malware Stealer
https://irchaos.club/redtiger-malware
Published: March 16, 2025 00:00
Analysis of RedTiger, a Python-based stealer that leverages Discord to exfiltrate credentials.
Dissecting a fresh BlankGrabber sample
https://irchaos.club/dissecting-blankgrabber
Published: February 15, 2025 00:00
Analysis of BlankGrabber, a Python-based stealer.
Threat hunting for shits and giggles
https://irchaos.club/threat-hunting-for-giggles
Published: November 28, 2024 00:00
Analyzing XWorm and tracking related infrastructure with hunt.io.
Automating Qakbot Malware Analysis with Binary Ninja
https://invokere.com/posts/2024/02/automating-qakbot-malware-analysis-with-binary-ninja/
Published: February 21, 2024 00:00