/posts/ Recent content in Blog on Ctrl+Alt+Dark Hugo -- gohugo.io en james.northey@proton.me (Darkrym) james.northey@proton.me (Darkrym) © 2026 Darkrym Tue, 17 Feb 2026 00:00:00 +0000 /posts/investigation_theory/ Tue, 17 Feb 2026 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/investigation_theory/ Learn to balance speed and thoroughness in MDR investigations using Kill Chain analysis and Likelihood vs Impact matrices to make fast, defensible decisions under pressure. /posts/curiosity_crisis_part3/ Sat, 24 Jan 2026 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/curiosity_crisis_part3/ A hands-on guide to using NotebookLM for cybersecurity learning, including how to create study guides, generate flashcards, and build audio podcasts from technical documentation for active learning. /posts/curiosity_crisis_part2/ Fri, 23 Jan 2026 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/curiosity_crisis_part2/ Discover evidence-based learning frameworks including the three-phase Learning Cycle (Understanding, Remembering, Focusing) and how to adapt cybersecurity training to your personal learning style with AI. /posts/curiosity_crisis_part1/ Thu, 22 Jan 2026 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/curiosity_crisis_part1/ AI isn’t making us stupider, our curiosity has been atrophying for years and AI just makes it visible. Learn why curiosity is a muscle you can rebuild and how to use AI as an amplifier, not a crutch. /posts/sql_server_cheatsheet/ Sun, 21 Dec 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/sql_server_cheatsheet/ Microsoft SQL Server forensics and threat hunting guide covering registry paths, log locations, attack indicators, and configuration analysis for compromised SQL Server instances. /posts/python_malware_part6/ Wed, 03 Sep 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/python_malware_part6/ After nine stages of obfuscation, the final payload reveals itself as PureRAT, a commercial .NET RAT using TLS-pinned C2, Protocol Buffers, and modular plugins for remote access and control. /posts/python_malware_part5/ Tue, 02 Sep 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/python_malware_part5/ Advanced .NET loader dynamically loads assemblies from memory, decrypts payloads on-the-fly, and invokes methods without touching disk, requiring a pivot from static to dynamic analysis techniques. /posts/python_malware_part4/ Mon, 01 Sep 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/python_malware_part4/ The campaign shifts from Python to compiled .NET executables using process hollowing for in-memory PE injection, AMSI patching, and ETW unhooking to evade detection and establish persistence. /posts/python_malware_part3/ Sun, 31 Aug 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/python_malware_part3/ Dissect PXA Stealer’s weaponized info-stealing payload that extracts Chrome credentials, cookies, and 2FA tokens using WMI for AV enumeration before exfiltrating everything via Telegram’s Bot API. /posts/python_malware_part2/ Sat, 30 Aug 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/python_malware_part2/ Learn to disassemble Python bytecode and reconstruct custom hybrid encryption loaders as PXA Stealer uses multi-layered in-memory execution, registry persistence, and Telegram C2 to evade detection. /posts/python_malware_part1/ Fri, 29 Aug 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/python_malware_part1/ Uncover how a copyright phishing email delivers multi-stage Python malware through DLL sideloading, hidden archives, and Base64 obfuscation in this deep-dive intro to Python malware reverse engineering. /posts/sigma_rule_cheatsheet/ Wed, 02 Jul 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/sigma_rule_cheatsheet/ Concise guide for writing Sigma detection rules covering structure, modifiers, best practices, and tools for SOC analysts and detection engineers working with Splunk, Elastic, or LogPoint. /posts/crypto_scam_returns/ Wed, 02 Jul 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/crypto_scam_returns/ A polished YouTube video promoting a fake TradingView AI feature nearly fooled security analysts with professional branding and clever social engineering, delivering NetSupport RAT through PowerShell to target crypto wallets. /posts/openscanner/ Tue, 01 Jul 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/openscanner/ Automate IP and domain investigations with NetTriage, a Python tool that performs reputation lookups, DNS resolution, WHOIS checks, and passive DNS analysis for rapid threat triage. /posts/cyber_security_beginner_guide/ Sat, 28 Jun 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/cyber_security_beginner_guide/ A comprehensive Australian guide to breaking into cybersecurity, covering red vs blue team paths, practical skills development, certifications, programming projects, and government career opportunities. /posts/macos_terminal_cheatsheet/ Mon, 16 Jun 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/macos_terminal_cheatsheet/ Essential macOS Terminal commands for file operations, process management, networking, Homebrew, and security controls like Gatekeeper and SIP for sysadmins and DFIR practitioners. /posts/markdown_cheat_sheet/ Tue, 10 Jun 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/markdown_cheat_sheet/ Quick reference for Markdown syntax covering headings, formatting, lists, links, code blocks, and tables for documentation and technical writing. /posts/windows_powershell_cheatsheet/ Sun, 08 Jun 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/windows_powershell_cheatsheet/ Fast-access PowerShell reference for system administration, automation, security auditing, covering file management, networking, scripting, and Winget for IT pros and analysts. /posts/windows_registry_cheatsheet/ Tue, 03 Jun 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/windows_registry_cheatsheet/ Key Windows Registry locations for persistence mechanisms, user activity traces, and IOC hunting in malware analysis and forensic investigations for DFIR professionals. /posts/malware-analysis-cheat-sheet/ Mon, 02 Jun 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/malware-analysis-cheat-sheet/ Comprehensive reference for static and dynamic malware analysis using Ghidra, x64dbg, REMnux, including PDF analysis, unpacking techniques, and reverse engineering workflows. - static-analysis - dynamic-analysis /posts/windows_logs_cheatsheet/ Mon, 02 Jun 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/windows_logs_cheatsheet/ Critical Windows event IDs, logon types, and log locations for threat hunting and incident response, including Security.evtx, PowerShell logs, and Chainsaw analysis techniques. /posts/my_rack_setup/ Wed, 28 May 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/my_rack_setup/ Build your own compact 10-inch server rack using 2020 aluminium extrusion with detailed parts list, cut measurements, and assembly instructions for a modular homelab setup. /posts/regex_cheatsheet/ Sat, 28 Jun 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/regex_cheatsheet/ Essential regex patterns for matching, capturing, and string manipulation adapted for security analysts, blue teamers, and SOC professionals working with detection rules. /posts/ip_domain_investigation_cheat-sheet/ Fri, 27 Jun 2025 00:00:00 +0000 james.northey@proton.me (Darkrym) /posts/ip_domain_investigation_cheat-sheet/ Essential techniques for IP and domain investigations including reputation checks, WHOIS lookups, DNS inspection, passive intelligence, and payload retrieval for threat hunting and incident response.