Blog – Malcrove

STAY AHEAD OF CYBER THREATS

Insights, news, and best practices

Posted on November 5, 2025

Weaponizing Trust: ClickOnce Deployment with AppDomainManager Injection

The Story During a recent red team engagement in late 2025, we had a problem. The target environment was well defended, MDE and other controls were in full effect, and our usual initial-access techniques that worked in the past failed to get us a reliable foothold. Faced with that, we shifted gears and stitched together a different approach. The result: a technique that let us infiltrate by running inside the context of...

Read Post

by Khalifa Alshamsi

Posted on April 8, 2021

Red Teaming

KollectApps Insecure Java Deserialization (CVE-2021-27335)

Author: Ahmed Attalla (Security Researcher at Malcrove) KollectApp is a desktop application used heavily in the banking sector; it’s used to manage loan collection given to customers by the bank.While doing a penetration test on the application, I discovered critical insecure java deserialization that leads to remote code execution.During testing, I noticed the presence of java serialized payload at one of the application's requests. Since I decompiled the application jar files, I know...

Read Post

by Ahmed Attalla

Posted on September 6, 2020

Malware

Thanos Related Malware

Author: Vladimir Davydov (Security Researcher at Malcrove) 1. Malware summary 1.1 Malware description Malcrove has discovered a persistent malware that has been active in targeting an organization in the Energy industry. The malware infects a victim’s host with a ransomware, encrypts certain files and tries to spread over the local network to infect other hosts. Our research revealed that the malware was created with the Thanos builder. Thanos is a RaaS (Ransomware as a...

Read Post

by Ahmed Attalla

STAY AHEAD OF CYBER THREATS

Insights, news, and best practices

Weaponizing Trust: ClickOnce Deployment with AppDomainManager Injection

SeamlessPass: Leveraging Kerberos Tickets to Access the Cloud

KollectApps Insecure Java Deserialization (CVE-2021-27335)

Thanos Related Malware