Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-09-28GigamonRoman Kroshinsky, Pavle Culum
@online{kroshinsky:20220928:investigating:17c6c32, author = {Roman Kroshinsky and Pavle Culum}, title = {{Investigating Web Shells}}, date = {2022-09-28}, organization = {Gigamon}, url = {https://blog.gigamon.com/2022/09/28/investigating-web-shells/}, language = {English}, urldate = {2022-09-30} } Investigating Web Shells
Godzilla Webshell Behinder
2022-02-03GigamonMichael Lazic
@online{lazic:20220203:investigating:b588416, author = {Michael Lazic}, title = {{Investigating Lateral Movement — WMI and Scheduled Tasks}}, date = {2022-02-03}, organization = {Gigamon}, url = {https://blog.gigamon.com/2022/02/03/investigating-lateral-movement-wmi-and-scheduled-tasks/}, language = {English}, urldate = {2022-02-10} } Investigating Lateral Movement — WMI and Scheduled Tasks
2022-01-27GigamonJoe Slowik
@online{slowik:20220127:focusing:5b47208, author = {Joe Slowik}, title = {{Focusing on “Left of Boom”}}, date = {2022-01-27}, organization = {Gigamon}, url = {https://blog.gigamon.com/2022/01/28/focusing-on-left-of-boom/}, language = {English}, urldate = {2022-02-02} } Focusing on “Left of Boom”
WhisperGate
2021-12-21GigamonJoe Slowik
@online{slowik:20211221:log:c950f86, author = {Joe Slowik}, title = {{The Log Keeps Rolling On: Evaluating Log4j Developments and Defensive Requirements}}, date = {2021-12-21}, organization = {Gigamon}, url = {https://blog.gigamon.com/2021/12/21/the-log-keeps-rolling-on-evaluating-log4j-developments-and-defensive-requirements/}, language = {English}, urldate = {2022-02-10} } The Log Keeps Rolling On: Evaluating Log4j Developments and Defensive Requirements
2021-12-14GigamonJoe Slowik
@online{slowik:20211214:network:0d17ac7, author = {Joe Slowik}, title = {{Network Security Monitoring Opportunities and Best Practices for Log4j Defense}}, date = {2021-12-14}, organization = {Gigamon}, url = {https://blog.gigamon.com/2021/12/14/network-security-monitoring-opportunities-and-best-practices-for-log4j-defense/}, language = {English}, urldate = {2022-02-10} } Network Security Monitoring Opportunities and Best Practices for Log4j Defense
2021-10-25GigamonJoe Slowik
@online{slowik:20211025:bear:ea7ac23, author = {Joe Slowik}, title = {{Bear in the Net: A Network-Focused Perspective on Berserk Bear}}, date = {2021-10-25}, organization = {Gigamon}, url = {https://blog.gigamon.com/2021/10/25/bear-in-the-net-a-network-focused-perspective-on-berserk-bear/}, language = {English}, urldate = {2022-02-10} } Bear in the Net: A Network-Focused Perspective on Berserk Bear
2021-09-10GigamonJoe Slowik
@online{slowik:20210910:rendering:59082b0, author = {Joe Slowik}, title = {{Rendering Threats: A Network Perspective}}, date = {2021-09-10}, organization = {Gigamon}, url = {https://blog.gigamon.com/2021/09/10/rendering-threats-a-network-perspective/}, language = {English}, urldate = {2023-04-06} } Rendering Threats: A Network Perspective
BumbleBee Cobalt Strike
2021-07-27GigamonJoe Slowik
@online{slowik:20210727:ghosts:af3dc18, author = {Joe Slowik}, title = {{Ghosts on the Wire: Expanding Conceptions of Network Anomalies}}, date = {2021-07-27}, organization = {Gigamon}, url = {https://blog.gigamon.com/2021/07/27/ghosts-on-the-wire-expanding-conceptions-of-network-anomalies/}, language = {English}, urldate = {2021-08-02} } Ghosts on the Wire: Expanding Conceptions of Network Anomalies
SUNBURST
2021-07-08GigamonJoe Slowik
@online{slowik:20210708:observations:21f913b, author = {Joe Slowik}, title = {{Observations and Recommendations from the Ongoing REvil-Kaseya Incident}}, date = {2021-07-08}, organization = {Gigamon}, url = {https://blog.gigamon.com/2021/07/08/observations-and-recommendations-from-the-ongoing-revil-kaseya-incident/}, language = {English}, urldate = {2021-07-12} } Observations and Recommendations from the Ongoing REvil-Kaseya Incident
REvil
2021-06-24GigamonJoe Slowik
@techreport{slowik:20210624:baffling:d37b293, author = {Joe Slowik}, title = {{The Baffling Berserk Bear: A Decade's Activity targeting Critical Infrastructure}}, date = {2021-06-24}, institution = {Gigamon}, url = {https://vblocalhost.com/uploads/VB2021-Slowik.pdf}, language = {English}, urldate = {2021-10-26} } The Baffling Berserk Bear: A Decade's Activity targeting Critical Infrastructure
Havex RAT Heriplor Karagany
2021-06-17GigamonJoe Slowik
@online{slowik:20210617:hold:dc6ce6d, author = {Joe Slowik}, title = {{Hold the Door: Examining Exfiltration Activity and Applying Countermeasures}}, date = {2021-06-17}, organization = {Gigamon}, url = {https://blog.gigamon.com/2021/06/17/hold-the-door-examining-exfiltration-activity-and-applying-countermeasures}, language = {English}, urldate = {2021-06-22} } Hold the Door: Examining Exfiltration Activity and Applying Countermeasures
2021-05-17GigamonJoe Slowik
@online{slowik:20210517:tracking:060c759, author = {Joe Slowik}, title = {{Tracking DarkSide and Ransomware: The Network View}}, date = {2021-05-17}, organization = {Gigamon}, url = {https://blog.gigamon.com/2021/05/17/tracking-darkside-and-ransomware-the-network-view/}, language = {English}, urldate = {2021-05-17} } Tracking DarkSide and Ransomware: The Network View
DarkSide DarkSide
2020-01-13GigamonWilliam Peteroy, Ed Miles
@online{peteroy:20200113:emotet:60abae1, author = {William Peteroy and Ed Miles}, title = {{Emotet: Not your Run-of-the-mill Malware}}, date = {2020-01-13}, organization = {Gigamon}, url = {https://atr-blog.gigamon.com/2020/01/13/emotet-not-your-run-of-the-mill-malware/}, language = {English}, urldate = {2020-01-17} } Emotet: Not your Run-of-the-mill Malware
Emotet
2019-07-23GigamonKristina Savelesky, Ed Miles, Justin Warner
@online{savelesky:20190723:abadbabe:061c7a8, author = {Kristina Savelesky and Ed Miles and Justin Warner}, title = {{ABADBABE 8BADF00D: Discovering BADHATCH and a Detailed Look at FIN8’s Tooling}}, date = {2019-07-23}, organization = {Gigamon}, url = {https://atr-blog.gigamon.com/2019/07/23/abadbabe-8badf00d-discovering-badhatch-and-a-detailed-look-at-fin8s-tooling/}, language = {English}, urldate = {2020-02-09} } ABADBABE 8BADF00D: Discovering BADHATCH and a Detailed Look at FIN8’s Tooling
PoSlurp Powersniff
2019-07-23GigamonKristina Savelesky, Ed Miles, Justin Warner
@online{savelesky:20190723:abadbabe:7d07c9b, author = {Kristina Savelesky and Ed Miles and Justin Warner}, title = {{ABADBABE 8BADF00D: Discovering BADHATCH and a Detailed Look at FIN8’s Tooling}}, date = {2019-07-23}, organization = {Gigamon}, url = {https://blog.gigamon.com/2019/07/23/abadbabe-8badf00d-discovering-badhatch-and-a-detailed-look-at-fin8s-tooling/}, language = {English}, urldate = {2023-08-31} } ABADBABE 8BADF00D: Discovering BADHATCH and a Detailed Look at FIN8’s Tooling
BADHATCH
2018-06-07GigamonChenming Xu, Jason Jones, Justin Warner, Dan Caselden
@online{xu:20180607:adobe:5bedebc, author = {Chenming Xu and Jason Jones and Justin Warner and Dan Caselden}, title = {{Adobe Flash Zero-Day Leveraged for Targeted Attack in Middle East - Gigamon ATR Blog}}, date = {2018-06-07}, organization = {Gigamon}, url = {https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack}, language = {English}, urldate = {2019-07-22} } Adobe Flash Zero-Day Leveraged for Targeted Attack in Middle East - Gigamon ATR Blog
Chainshot
2017-07-25GigamonApplied Threat Research Team
@online{team:20170725:footprints:ef14363, author = {Applied Threat Research Team}, title = {{Footprints of Fin7: Tracking Actor Patterns (Part 1)}}, date = {2017-07-25}, organization = {Gigamon}, url = {https://www.icebrg.io/blog/footprints-of-fin7-tracking-actor-patterns}, language = {English}, urldate = {2019-11-29} } Footprints of Fin7: Tracking Actor Patterns (Part 1)
FIN7