tutorials

The Refinery Files

Extract a NetWalker sample and its configuration from a PowerShell loader. The tutorial touches on all fundamental binary refinery concepts.

A short tutorial extracting the strings (including C2 configuration) of an Amadey Loader sample. Revisits most of the concepts that were introduced in the tutorial.

In this tutorial, we extract the C2 configuration from a SedUpLoader sample. The tutorial introduces the push/pop mechanic, which is used to first extract a decryption key, store it as a variable, continue to extract the C2 data, and then decrypt the C2 domains using the stored key.

A short tutorial about a loader using a custom run-length encoding. The tutorial showcases how to define custom refinery units when it would be too difficult to implement a decoding step using existing units.

This is a refinery-focused write-up of how to solve FlareOn9.

A refinery pipeline that can extract the C2 IP addresses from Qakbot samples.

Another showcase of writing custom units for very specific tasks, in this case reproducing the logic of a .NET packer.

This is a refinery-focused write-up of how to solve FlareOn10.