I submitted a new sample to samplepedia.cc
PoisonX rootkit.
Video solution follows in the next days.
samplepedia.cc/sample/db5d2...
😂 @rifteyy just pointed me to this gem in the VT comment section for the empty file
www.virustotal.com/gui/file/e3b...
My malware analysis courses now have a new certificate design.
malwareanalysis-for-hedgehogs.learnworlds.com/courses
Added a task for the SugarSMP spark stealer sample to samplepedia
samplepedia.cc/sample/060ed...
New Video: Build your own LLM dynamic analysis lab 🦔🎥
➡️ AI debugs and unpacks with x64dbg
➡️ AI can access powershell terminal
www.youtube.com/watch?v=QrWz...
I wrote an article about SugarSMP Minecraft scams, Spark stealer, extortion and hacked accounts.
After brief contact with the threat actor, we talked to two victims and followed the trail.
Analysis in collaboration with @rifteyy
#GDATATechblog #GDATA
blog.gdatasoftware.com/2026/03/3839...
🦔 📹 Video: Building your own AI Malware Analysis Lab
➡️ old system, 16 GB RAM
➡️ using Remnux
#MalwareAnalysisForHedgehogs #LLM
www.youtube.com/watch?v=YOdu...
Reported as issue: github.com/DataDog/guar...
Karsten Hahn
This seems to be a prevalent issue now: People vibe code security applications and the LLM generates real malware for testing.
The generated test files rely on real threat actor infrastructure to download or exfiltrate.
hxxps://github.com/DataDog/guarddog/blob/main/tests
Hello, I am a security researcher working for GDATA. Your test files directory contains actual malware. These test files were generated by an LLM, it seems. But they download and run malware from ex...