https://ransomware.sh/emul4ntField notes from offensive security work: malware development, red team operations, and threat research. 2026-06-13T14:00:05+01:00 emul4nt https://ransomware.sh/ Jekyll © 2026 emul4nt /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png env-nodejs@2.6.0: reverse engineering an npm supply chain dropper2026-05-13T02:30:00+01:00 2026-05-13T02:30:00+01:00 https://ransomware.sh/posts/env-nodejs-supply-chain-attack/ emul4nt env-nodejs@2.6.0 is a malicious npm package masquerading as a dotenv variant. Full walkthrough of the obfuscated dropper, the encoded PowerShell it builds, and the DonutLoader plus Epsilon Stealer payload it pulls from a Cloudflare Tunnel. Understanding DHCP fingerprinting2025-04-24T12:00:00+01:00 2025-04-24T12:00:00+01:00 https://ransomware.sh/posts/dhcp-fingerprinting/ emul4nt How DHCP packets leak operating-system and device-type information without generating any extra traffic, why option 55 (Parameter Request List) is the strongest tell, and why the technique is useful to both red and blue teams.