powershell 10
- Reading the ledger: how one Polygon smart contract exposed three ClickFix crews and 153 confirmed hacked websites
- Five layers deep for a stealer: reversing the "PuppetKing" ClickFix chain that ended in StealC
- Your RMM Has a Second Owner: Inside a Rogue ScreenConnect Credential Theft Campaign
- Fake captcha, five layers of RC4, and a Rust stealer with LSA session enumeration and AD recon
- The "SharePoint Helper" That Was Really a Localhost Backdoor
- The beacon that won't decrypt unless it beats AMSI: pulling apart a WMI-launched PowerShell loader
- Bring Your Own Node: a PowerShell stager, a blockchain dead-drop, and a RAT that runs on the real Node.js
- A signed OneDrive, a fake note-taking app, and a payload hiding in a PNG: one ClickFix chain, five stages deep
- Twelve layers of obfuscation, one AMSI patch: pulling apart a ClickFix mshta loader
- A driver that wasn't a driver: dissecting a steganographic PowerShell beacon