2022-04-12 | Max Kersten's Blog | Max Kersten
% Blog post by Max Kersten, published 2022-04-12: a Ghidra script for handling stack strings.
% The doubled braces around the title keep its capitalisation verbatim under any style.
% urldate records when the URL was accessed, not when the post was published.
@online{kersten:20220412:ghidra:4afe367,
  author       = {Max Kersten},
  title        = {{Ghidra script to handle stack strings}},
  organization = {Max Kersten's Blog},
  date         = {2022-04-12},
  url          = {https://maxkersten.nl/binary-analysis-course/analysis-scripts/ghidra-script-to-handle-stack-strings/},
  urldate      = {2022-04-20},
  language     = {English},
}
Ghidra script to handle stack strings
CaddyWiper PlugX
2022-02-01 | Max Kersten's Blog | Max Kersten
% Blog post by Max Kersten, published 2022-02-01, on dumping the WhisperGate wiper
% from an Eazfuscator obfuscated loader.
% The title contains a typographic apostrophe (U+2019), so the file must be read as
% UTF-8 by a Unicode-aware backend such as Biber.
@online{kersten:20220201:dumping:2784605,
  author       = {Max Kersten},
  title        = {{Dumping WhisperGate’s wiper from an Eazfuscator obfuscated loader}},
  organization = {Max Kersten's Blog},
  date         = {2022-02-01},
  url          = {https://maxkersten.nl/binary-analysis-course/malware-analysis/dumping-whispergates-wiper-from-an-eazfuscator-obfuscated-loader/},
  urldate      = {2022-02-02},
  language     = {English},
}
Dumping WhisperGate’s wiper from an Eazfuscator obfuscated loader
WhisperGate
2021-07-25 | Max Kersten's Blog | Max Kersten
% Blog post by Max Kersten, published 2021-07-25: a Ghidra script that decrypts a
% string array in XOR DDoS.
% The doubled braces around the title preserve the capitals in "XOR DDoS" under any style.
@online{kersten:20210725:ghidra:00c108d,
  author       = {Max Kersten},
  title        = {{Ghidra script to decrypt a string array in XOR DDoS}},
  organization = {Max Kersten's Blog},
  date         = {2021-07-25},
  url          = {https://maxkersten.nl/binary-analysis-course/analysis-scripts/ghidra-script-to-decrypt-a-string-array-in-xor-ddos/},
  urldate      = {2021-08-02},
  language     = {English},
}
Ghidra script to decrypt a string array in XOR DDoS
XOR DDoS
2021-02-09 | Max Kersten's Blog | Max Kersten
% Blog post by Max Kersten, published 2021-02-09: a Ghidra script that decrypts
% strings in Amadey 1.09.
% The access date (urldate) is the same day as the publication date.
@online{kersten:20210209:ghidra:0e7f66c,
  author       = {Max Kersten},
  title        = {{Ghidra script to decrypt strings in Amadey 1.09}},
  organization = {Max Kersten's Blog},
  date         = {2021-02-09},
  url          = {https://maxkersten.nl/binary-analysis-course/analysis-scripts/ghidra-script-to-decrypt-strings-in-amadey-1-09/},
  urldate      = {2021-02-09},
  language     = {English},
}
Ghidra script to decrypt strings in Amadey 1.09
Amadey
2020-09-17 | Max Kersten's Blog | Max Kersten
% Blog post by Max Kersten, published 2020-09-17, on automatic extraction of the
% ReZer0 payload and configuration.
% The doubled braces around the title preserve the mixed-case name "ReZer0".
@online{kersten:20200917:automatic:8b19414,
  author       = {Max Kersten},
  title        = {{Automatic ReZer0 payload and configuration extraction}},
  organization = {Max Kersten's Blog},
  date         = {2020-09-17},
  url          = {https://maxkersten.nl/binary-analysis-course/analysis-scripts/automatic-rezer0-payload-and-configuration-extraction/},
  urldate      = {2020-09-18},
  language     = {English},
}
Automatic ReZer0 payload and configuration extraction
2020-08-26 | Max Kersten's Blog | Max Kersten
% Blog post by Max Kersten, published 2020-08-26, on the ReZer0v4 loader.
% urldate records when the URL was accessed, not when the post was published.
@online{kersten:20200826:rezer0v4:3bc357a,
  author       = {Max Kersten},
  title        = {{ReZer0v4 loader}},
  organization = {Max Kersten's Blog},
  date         = {2020-08-26},
  url          = {https://maxkersten.nl/binary-analysis-course/malware-analysis/rezer0v4-loader/},
  urldate      = {2020-08-27},
  language     = {English},
}
ReZer0v4 loader
MASS Logger
2020-03-26 | Max Kersten's Blog | Max Kersten
% Blog post by Max Kersten, published 2020-03-26, on the Azorult loader stages.
% The access date (urldate) is the same day as the publication date.
@online{kersten:20200326:azorult:5d5ee1f,
  author       = {Max Kersten},
  title        = {{Azorult loader stages}},
  organization = {Max Kersten's Blog},
  date         = {2020-03-26},
  url          = {https://maxkersten.nl/binary-analysis-course/malware-analysis/azorult-loader-stages/},
  urldate      = {2020-03-26},
  language     = {English},
}
Azorult loader stages
Azorult
2020-02-24 | Max Kersten's Blog | Max Kersten
% Blog post by Max Kersten, published 2020-02-24: "Closing in on MageCart 12".
% The doubled braces around the title preserve the mixed-case name "MageCart".
@online{kersten:20200224:closing:9d39fcf,
  author       = {Max Kersten},
  title        = {{Closing in on MageCart 12}},
  organization = {Max Kersten's Blog},
  date         = {2020-02-24},
  url          = {https://maxkersten.nl/2020/02/24/closing-in-on-magecart-12/},
  urldate      = {2020-02-25},
  language     = {English},
}
Closing in on MageCart 12
magecart
2020-02-17 | Max Kersten's Blog | Max Kersten
% Blog post by Max Kersten, published 2020-02-17: "Following the tracks of MageCart 12".
% urldate records when the URL was accessed, not when the post was published.
@online{kersten:20200217:following:07470c1,
  author       = {Max Kersten},
  title        = {{Following the tracks of MageCart 12}},
  organization = {Max Kersten's Blog},
  date         = {2020-02-17},
  url          = {https://maxkersten.nl/2020/02/17/following-the-tracks-of-magecart-12/},
  urldate      = {2020-02-20},
  language     = {English},
}
Following the tracks of MageCart 12
magecart
2020-01-20 | Max Kersten's Blog | Max Kersten
% Blog post by Max Kersten, published 2020-01-20, on ticket resellers infected with
% a credit card skimmer.
% urldate records when the URL was accessed, not when the post was published.
@online{kersten:20200120:ticket:ad7af1c,
  author       = {Max Kersten},
  title        = {{Ticket resellers infected with a credit card skimmer}},
  organization = {Max Kersten's Blog},
  date         = {2020-01-20},
  url          = {https://maxkersten.nl/2020/01/20/ticket-resellers-infected-with-a-credit-card-skimmer/},
  urldate      = {2020-01-27},
  language     = {English},
}
Ticket resellers infected with a credit card skimmer
magecart
2019-10-14 | Max Kersten's Blog | Max Kersten
% Blog post by Max Kersten, published 2019-10-14, on the Corona DDoS bot.
% urldate (2021-11-03) is about two years after publication; it records only when the
% URL was accessed.
@online{kersten:20191014:corona:60d807b,
  author       = {Max Kersten},
  title        = {{Corona DDoS bot}},
  organization = {Max Kersten's Blog},
  date         = {2019-10-14},
  url          = {https://maxkersten.nl/binary-analysis-course/malware-analysis/corona-ddos-bot/},
  urldate      = {2021-11-03},
  language     = {English},
}
Corona DDoS bot
Bashlite
2019-02-16 | Max Kersten's Blog | Max Kersten
% Blog post by Max Kersten, published 2019-02-16, on Emotet droppers.
% urldate (2020-01-09) is the access date, several months after publication.
@online{kersten:20190216:emotet:7cb0628,
  author       = {Max Kersten},
  title        = {{Emotet droppers}},
  organization = {Max Kersten's Blog},
  date         = {2019-02-16},
  url          = {https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-droppers/},
  urldate      = {2020-01-09},
  language     = {English},
}
Emotet droppers
Emotet