Malware Analysis: AgentTesla and ZGRat

This post details my analysis of AgentTesla and ZGRat malware samples, examining their behaviour, capabilities, and the indicators of compromise they leave behind. Overview The analysis revealed a sophisticated malware operation using both AgentTesla and ZGRat, with data exfiltration capabilities and persistence mechanisms. The malware authors implemented various techniques to evade detection while harvesting sensitive information from infected systems. Configuration Analysis The configuration analysis revealed SMTP credentials likely used for exfiltrating data: ...

December 15, 2024

Virus.xcheck: A Tool for Finding Malware Samples

Virus.xcheck: A Tool for Finding Malware Samples I’ve always found it interesting how the security community shares and analyses malware samples. There’s a great resource called Virus Exchange that serves as a repository for malware researchers and security professionals. However, quickly checking whether multiple file hashes exist in their database wasn’t as straightforward as I wanted it to be. What is Virus.xcheck? Virus.xcheck is a Python tool I created that quickly checks whether a file hash exists in the Virus Exchange database. It’s designed to be simple yet useful, making it easy to verify whether a suspicious file has been previously identified and catalogued. ...

December 4, 2024

Pi-hole Wireguard VPN in Azure

Pi-hole Wireguard VPN in Azure This guide outlines the steps for setting up a Pi-hole VPN with Wireguard on an Azure virtual machine (VM). We will cover creating the VM, configuring Wireguard, and installing Pi-hole. Step 1: Azure VM Setup Create a New Resource Group To create a new resource group, run: az group create --name rg-phwg-vpn --location uksouth Create a Virtual Machine Now, create your virtual machine with the following command: ...

November 19, 2024

Building a Blog with Azure and Hugo

Building a blog with Hugo and Azure I recently set up this blog using Hugo and Azure Static Web Apps, and I wanted to share the process. This approach provides a fast, secure, and cost-effective (free!) way to run a technical blog. Here’s how I did it from scratch. Why This Stack? Hugo: Really fast static site generator with great Markdown support and documentation on how to integrate with Azure Static Web Apps. PaperMod theme: Clean design with dark mode, code highlighting, etc. Azure Static Web Apps: Free tier available, easy deployment, and global CDN. Prerequisites Git Azure account Step 1: Install Hugo First, let’s get Hugo installed. I created a project folder and downloaded Hugo: ...

November 3, 2024

Welcome to my blog

Welcome Hello and welcome to my blog! I’m Lewis. I work in security, incident response, and other general research at Microsoft, and I’m based in the UK. Outside of work, I often climb boulders, stay active in the gym, play golf badly, and go off piste. What to Expect This blog will cover a range of topics: Technical write-ups Malware analysis and research LLMs Tool building Kusto! Other research Recent Projects I enjoy building little tools that effectively solve problems I encounter and expect others might too. One older project, if you haven’t seen it, is Virus.xcheck, a Python tool for checking file hashes against the Virus Exchange database. ...

November 2, 2024