// DATABASE_ACCESS
INTELLIGENCE
ARCHIVE
Central repository of offensive and defensive tradecraft.
Technical Analysis: XWorm v5.6 JavaScript Dropper → Fileless Loader Chain
A multi-stage malware infection chain delivering XWorm RAT v5.6 via a JavaScript dropper masquerading as a PDF document.
FOSS as a Security Primitive: Why Open Source Is Structurally Superior for Privacy, Integrity, and Trust
A technical analysis of FOSS as a foundational security control, examining verifiability, attack surface reduction, community auditing, and data sovereignty in contrast to the trust-based failures of proprietary software.
Critical 10.0: Full BI Infrastructure Compromise via Default Credentials
A detailed write-up on how factory-default credentials on a MicroStrategy administrative panel led to a complete takeover of corporate Business Intelligence assets.
Cyrillic Phishing: When a Domain Looks Legit — but Isn’t
An in-depth look at how threat actors abuse Unicode characters in IDN homograph attacks to achieve initial access through phishing.
Threat Actor Profile: Midia22
An investigation of Midia22, a Brazilian Initial Access Broker operating across government systems and Telegram cybercrime channels.
Technical Analysis: EvilSoul1337 Stealer-as-a-Service
Dissecting a Node.js-based Stealer-as-a-Service (SaaS) platform utilizing Electron, Discord Webhooks, and WebSocket C2s targeting gamers.
Abusing WhatsApp Desktop for Initial Access: Python ZipApp Reverse Shell
A technical analysis of how .pyz files can be used to bypass protections and establish a Reverse Shell via WhatsApp Desktop.
Active Phishing & PIX Fraud Operation Impersonating Brazilian DETRAN
An active phishing and PIX fraud operation impersonating the Brazilian DETRAN (Department of Motor Vehicles).
Technical Analysis: CS2 Fake Cheat Ransomware
A deep dive into a .NET ransomware distributed as a Counter-Strike 2 'Mod Menu' targeting Brazilian gamers.
Technical Analysis: WhatsApp Web Automation Worm
Investigation of a Python-based stage that hijacks browser sessions to automate mass malware dissemination via WhatsApp Web.
Malware Campaign: LNK + MSBuild abuse targeting Brazil
Analysis of a campaign distributing malware via .LNK files disguised as DANFE/CFDI invoices, abusing MSBuild to execute fileless payloads.
Cybersecurity Essentials: Understanding Risks & Defense Stack
A comprehensive guide on modern cyber risks, APTs, and the essential toolset for defensive operations—from Vulnerability Management to IAM.
Investigation: Critical IDOR in PIX Payment Gateway
Analysis of a mass phishing campaign mimicking the Postal Service that revealed a massive IDOR in a payment processor, exposing PII and enabling fraud.