Sky Blueteam

Recovering some files encrypted by LockBit 2.0

The LockBit 2.0 ransomware is pretty aggressive with the extensions it encrypts: you can say goodbye to your user hives and event log. Or do you?

Welcome Yagi, Yet Another Ghidra Integration for IDA

Are you an IDA fan but wish it could decompile more exotic architectures? Are you a student who wants the joy of using a decompiler but can’t afford Hex-Rays? Yagi is the tool for you! Yagi integrates the Ghidra decompiler in IDA, both Free and Pro version, at zero cost.

Scanning VirusTotal's firehose

We set the crazy objective to extract and push IOC in real-time for a given malware family submitted to VirusTotal. For this blog post, as an example, we will focus on Cobalt Strike.