Hunting New C2 Frameworks - Part 2 - Nexus C2, Shipped with Creds
A deep dive into a newly discovered C2 framework, Nexus C2 — its features, operational flaws, and the implications of AI-generated malware in the wild.
Disclaimer: All research and opinions expressed here are my own and are independent of any employer or organisation.
Deep dive into malware analysis, threat hunting, blue team defense strategies, and red team techniques
A look at hunting C2 frameworks in the wild, including identifying a previously unknown C2 framework.
A follow-up investigation mapping 1,337 phishing URLs across 326 workers.dev hostnames, confirming a PhaaS multi-tenant architecture, encrypted client-side payloads, and new lure variants targeting Adobe, DocuSign, and Outlook branding.
Uncovering a phishing campaign abusing Microsoft Device Code Authentication and Cloudflare Worker Pages, with detection hunts for Entra and Microsoft 365.
A look into automating the hunt for malicious NPM packages, using AI for package review.