How malware generates thousands of pseudo-random rendezvous domains from a shared seed, traced from Kraken and Conficker through Torpig and GameOver Zeus, and how defenders sinkhole and classify them.
How blue teams use TLS fingerprints to catch malware command-and-control: JA3/JA3S, JARM and JA4+, the Cobalt Strike default signatures, and what Chrome's ClientHello randomization broke.
Traces the 2024-2025 ClickFix and fake-CAPTCHA wave: how attackers dress malware delivery in Cloudflare and reCAPTCHA UX, push commands through the clipboard, and gate payloads so automated analysis sees nothing.