Who are you?

I go by the name of Zerophage (@Zerophage1337). In reality I’ve been in cyber for 7+ years and began my career as an apprentice tracing cables in data centres and making tea. I’ve pretty much been there done that in some form or another.

These days I focus on threat intel and hunting and its what I do as a job. The work on this website however is done in my spare time.


What is this blog about?

This blog is primarily about exploit kits (such as Rig) and the malware they drop. I may do the odd  malspam though. My style of displaying the information is designed to grab the attention of someone who may otherwise have glazed eyes.

My aim to to show the latest patterns in EK activity and the malware it drops in the hopes of providing the open source community a way to look for such activity on their networks or update their rules.

Beware that there is great risk browsing to any of the sites and executing any payloads downloaded from the pcaps and that risk is your own 🙂

What are my sources?

I rely on either submissions from users or where possible compromised sites I come across. I may use a compromised site found by another researcher if the EK is rarer such as Sundown. If you have any sites to share then please contact me, I will credit you if you want to be known.

What is this ‘Zerophage’?

Before I got into security I wanted to create computer games. Zerophage was a character I created and the art is original. The game was meant to be a Pokemon clone but instead of animals it would be weapons or objects. Zerophage was a final evolution and was type Bug (spreading malware through his USB’s) and Steel (robotic armour).