AppDomainManager Injection — Bend .NET Assemblies to Your Will

A deep dive into AppDomainManager injection (T1574.014): how attackers use .NET’s own extensibility model to proxy execution of malicious assemblies through legitimate signed binaries, and what defenders can — and can’t — do about it.

February 12, 2026 · 7 min · Matt Swann

Advent of Cyber 2025 Day 21 — Malware Analysis Bonus Challenge

A walkthrough of the TryHackMe Advent of Cyber 2025 Day 21 bonus challenge: peeling back a multi-layer HTA payload through VBScript analysis, Base64 decoding, and XOR decryption to uncover a hidden PNG.

December 21, 2025 · 5 min · Matt Swann