Mind Palace: A Personal Search Engine for the Way I Actually Work
“I consider that a man’s brain originally is like a little empty attic, and you have to stock it with such furniture as you choose.” — Sherlock Holmes, A Study in Scarlet

There’s a particular kind of frustration that I suspect a lot of researchers know well: you’re in the middle of something, an analysis,…
MalChela v4.1: Mac Malware Analysis Arrives
MalChela v4.1 is out today, and the headline is something I’ve been wanting to tackle for a while: dedicated Mac malware analysis tooling. If you’ve been following the channel or the blog, you know MalChela started as a triage-first toolkit aimed at the kinds of samples that show up in Windows-centric IR engagements. That coverage…
Unmasking the Moon: Comparing LunaStealer Samples with MalChela and Claude
As one tends to do on Saturday mornings with coffee in hand, I was reviewing two samples that were attributed to the LunaStealer / LunaGrabber family. Originally I was validating that tiquery was working with the MCP configuration, however what started as a quick TI check turned into a full static analysis session — and…
The Long Game: MalChela v4.0
When I started building MalChela, I had a narrow problem to solve. I was doing a lot of malware triage during incident response engagements and I kept reaching for the same scattered set of tools — VirusTotal, some strings extraction, a hash lookup here, a YARA scan there. The workflow existed, but it wasn’t a…
From QR to Threat Identification in one Click
Recently I introduced Threat Intel Query (tiquery), a multi-source threat intelligence lookup tool. The first iteration expanded on the capability of malhash and enabled submission of malware hashes to multiple threat intel sites. Then yesterday I was targeted with an SMS phishing message. (Note: I don’t know why but I detest the term…
MalChela 3.2: More Cowbell? More Intel!
One of the things I value most about the open-source community is that the best improvements to a tool often don’t come from inside it — they come from outside conversations. A short while back, the author of mlget, xorhex, reached out and suggested I add more malware retrieval sources to FOSSOR, one of my earlier tools for…
A Study in DFIR: Open-Source, Enterprise, and the Art of Analysis
Someone asked me recently how I see DFIR evolving — tooling, automation, and open-source versus enterprise platforms. It’s the kind of question that sounds like a conference panel topic, but the answer is grounded in how work actually gets done. In practice, it isn’t a binary choice. The most effective IR practitioners I’ve worked with…
The Game Is Afoot: Introducing the MalChela Video Series
There’s a moment every analyst knows — the one where an unknown file lands on your desk and the clock starts ticking. You need answers, and you need them fast. MalChela was built for exactly that moment. Today I’m excited to announce the MalChela Video Series on YouTube — a growing collection of tutorial episodes walking through…
MalChela Meets AI: Three Paths to Smarter Malware Analysis
In a previous post I wrote about integrating MalChela with OpenCode on REMnux and giving the AI a quick briefing on the tool suite so it could incorporate them into its analysis workflow. That was a promising proof of concept, but it raised a natural follow-up question: how do you make these integrations more robust,…
Streamline Malware Hash Search with FOSSOR
We’ve all encountered this scenario: you’re reading a threat report from CISA or Microsoft and come across hashes related to a malware infection. You start copying these hashes and head to one of your favorite virus repositories to check if there’s a source available for download so you can analyze the malware yourself. Unfortunately, you…