
@online{reaves:20220809:pivoting:7afbaea,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{Pivoting on a SharpExt to profile Kimusky panels for great good}},
  date         = {2022-08-09},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/pivoting-on-a-sharpext-to-profile-kimusky-panels-for-great-good-1920dc1bcef9},
  language     = {English},
  urldate      = {2022-08-11},
}
@online{platt:20220804:icedid:546c931,
  author       = {Platt, Joshua and Reaves, Jason},
  title        = {{IcedID leverages PrivateLoader}},
  date         = {2022-08-04},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/icedid-leverages-privateloader-7744771bf87f},
  language     = {English},
  urldate      = {2022-08-11},
}
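@comment{Corporate author wrapped in an extra brace pair so the name parser keeps it as one indivisible name instead of splitting it into first/last parts.}
@online{talon:20220706:teng:799c55c,
  author       = {{HOTSAUCE | S2W TALON}},
  title        = {{变脸, Teng Snake (a.k.a. Code Core)}},
  date         = {2022-07-06},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/%E5%8F%98%E8%84%B8-teng-snake-a-k-a-code-core-8c35268b4d1a},
  language     = {English},
  urldate      = {2022-07-12},
}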
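@comment{Corporate author wrapped in an extra brace pair so the name parser keeps it as one indivisible name instead of reading S2W as a given name.}
@online{talon:20220616:raccoon:de7df76,
  author       = {{S2W TALON}},
  title        = {{Raccoon Stealer is Back with a New Version}},
  date         = {2022-06-16},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/raccoon-stealer-is-back-with-a-new-version-5f436e04b20d},
  language     = {English},
  urldate      = {2022-06-17},
}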
@online{reaves:20220525:socgholish:f876e0e,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{SocGholish Campaigns and Initial Access Kit}},
  date         = {2022-05-25},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/socgholish-campaigns-and-initial-access-kit-4c4283fea8ee},
  language     = {English},
  urldate      = {2022-06-02},
}
@online{kim:20220512:history:03c1535,
  author       = {Kim, Jiho},
  title        = {{The History of BlackGuard Stealer}},
  date         = {2022-05-12},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/the-history-of-blackguard-stealer-86207e72ffb4},
  language     = {English},
  urldate      = {2022-05-17},
}
@online{salem:20220427:chronicles:c55d826,
  author       = {Salem, Eli},
  title        = {{The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection}},
  date         = {2022-04-27},
  organization = {Medium elis531989},
  url          = {https://elis531989.medium.com/the-chronicles-of-bumblebee-the-hook-the-bee-and-the-trickbot-connection-686379311056},
  language     = {English},
  urldate      = {2022-04-29},
}
@online{morris:20220425:static:ae1f9c2,
  author       = {Morris, Brenton},
  title        = {{Static unpacker and decoder for Hello Kitty Packer}},
  date         = {2022-04-25},
  organization = {Medium proferosec-osm},
  url          = {https://medium.com/proferosec-osm/static-unpacker-and-decoder-for-hello-kitty-packer-91a3e8844cb7},
  language     = {English},
  urldate      = {2022-04-29},
}
@online{reaves:20220415:revisiting:94c149c,
  author       = {Reaves, Jason},
  title        = {{Revisiting BatLoader C2 structure}},
  date         = {2022-04-15},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/revisiting-batloader-c2-structure-52f46ff9893a},
  language     = {English},
  urldate      = {2022-04-29},
}
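@comment{Corporate author braced as a single name so it is not split into first/last parts; the underscore in organization is escaped because that field is typeset as ordinary text, where a bare underscore is a LaTeX error. The url field is left verbatim.}
@online{cytec:20220414:404:a7dc53d,
  author       = {{DCSO CyTec}},
  title        = {{404 — File still found}},
  date         = {2022-04-14},
  organization = {Medium (@DCSO\_CyTec)},
  url          = {https://medium.com/@DCSO_CyTec/404-file-still-found-d52c3834084c},
  language     = {English},
  urldate      = {2022-05-31},
}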
@online{mars:20220406:wannahusky:0f8a9a7,
  author       = {Mars},
  title        = {{WannaHusky Malware Analysis w/ YARA + TTPs}},
  date         = {2022-04-06},
  organization = {Medium mars0x},
  url          = {https://medium.com/@mars0x/wannahusky-malware-analysis-w-yara-ttps-2069fb479909},
  language     = {English},
  urldate      = {2022-04-08},
}
@online{johnson:20220405:bypassing:2397ea1,
  author       = {Johnson, Jonathan},
  title        = {{Bypassing Access Mask Auditing Strategies}},
  date         = {2022-04-05},
  organization = {Medium jsecurity101},
  url          = {https://jsecurity101.medium.com/bypassing-access-mask-auditing-strategies-480fb641c158},
  language     = {English},
  urldate      = {2022-04-15},
}
@online{chee:20220404:uncommon:1b240dc,
  author       = {Chee, Max},
  title        = {{Uncommon office malware stagers}},
  date         = {2022-04-04},
  organization = {Medium (csg-govtech)},
  url          = {https://medium.com/csg-govtech/uncommon-office-malware-stagers-dad49a8f2054},
  language     = {English},
  urldate      = {2022-04-07},
}
@online{kim:20220401:rising:8510271,
  author       = {Kim, Jiho},
  title        = {{Rising Stealer in Q1 2022: BlackGuard Stealer}},
  date         = {2022-04-01},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/rising-stealer-in-q1-2022-blackguard-stealer-f516d9f85ee5},
  language     = {English},
  urldate      = {2022-04-15},
}
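@comment{The dollar sign in the title is escaped: an unescaped one opens math mode when the title is typeset and breaks the bibliography at this entry.}
@online{koczwara:20220331:lapsus:5e2e01b,
  author       = {Koczwara, Michael},
  title        = {{LAPSUS\$ TTP’s}},
  date         = {2022-03-31},
  organization = {Medium michaelkoczwara},
  url          = {https://michaelkoczwara.medium.com/lapsus-ttps-431d1ca21e80},
  language     = {English},
  urldate      = {2022-04-04},
}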
@online{reaves:20220328:cobaltstrike:65362d3,
  author       = {Reaves, Jason},
  title        = {{CobaltStrike UUID stager}},
  date         = {2022-03-28},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/cobaltstrike-uuid-stager-ca7e82f7bb64},
  language     = {English},
  urldate      = {2022-04-05},
}
@online{m3h51n:20220327:malware:b1e1deb,
  author       = {M3H51N},
  title        = {{Malware Analysis — NanoCore Rat}},
  date         = {2022-03-27},
  organization = {Medium M3H51N},
  url          = {https://medium.com/@M3HS1N/malware-analysis-nanocore-rat-6cae8c6df918},
  language     = {English},
  urldate      = {2022-04-04},
}
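@comment{Corporate author braced as a single name so it is not split into first/last parts, and the dollar sign in the title is escaped so it does not open math mode when typeset.}
@online{talon:20220324:footsteps:aa24072,
  author       = {{S2W TALON}},
  title        = {{Footsteps of the LAPSUS\$ hacking group}},
  date         = {2022-03-24},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/footsteps-of-the-lapsus-hacking-group-73a8a143c375},
  language     = {Korean},
  urldate      = {2022-03-24},
}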
@online{reaves:20220310:diavol:2a6514a,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{Diavol the Enigma of Ransomware}},
  date         = {2022-03-10},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/diavol-the-enigma-of-ransomware-1fd78ffda648},
  language     = {English},
  urldate      = {2022-03-14},
}
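@comment{Corporate author braced as a single name; without the extra braces the parser reads Response as the surname and Invictus Incident as given names, which is what produced the citation key prefix.}
@online{response:20220309:set:5298d9e,
  author       = {{Invictus Incident Response}},
  title        = {{Set up Splunk for Incident Response in GCP in 15 minutes..}},
  date         = {2022-03-09},
  organization = {Medium Invictus Incident Response},
  url          = {https://invictus-ir.medium.com/set-up-splunk-for-incident-response-in-gcp-in-15-minutes-52eebc7e5a91},
  language     = {English},
  urldate      = {2022-03-28},
}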