2022-09-06 | Didier Stevens | Didier Stevens
An Obfuscated Beacon – Extra XOR Layer
Cobalt Strike
2022-04-06 | nviso | Didier Stevens
Analyzing a “multilayer” Maldoc: A Beginner’s Guide
404 Keylogger
2022-03-22 | NVISO Labs | Didier Stevens
Cobalt Strike: Overview – Part 7
Cobalt Strike
2021-11-17 | nviso | Didier Stevens
Cobalt Strike: Decrypting Obfuscated Traffic – Part 4
Cobalt Strike
2021-11-03 | Didier Stevens | Didier Stevens
New Tool: cs-extract-key.py
Cobalt Strike
2021-11-03 | nviso | Didier Stevens
Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3
Cobalt Strike
2021-10-27 | nviso | Didier Stevens
Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2
Cobalt Strike
2021-10-21 | nviso | Didier Stevens
Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1
Cobalt Strike
2021-04-18 | YouTube (dist67) | Didier Stevens
Decoding Cobalt Strike Traffic
Cobalt Strike
2021-03-21 | YouTube (dist67) | Didier Stevens
Finding Metasploit & Cobalt Strike URLs
Cobalt Strike
2021-03-07 | InfoSec Handlers Diary Blog | Didier Stevens
PCAPs and Beacons
Cobalt Strike
2020-12-15 | InfoSec Handlers Diary Blog | Didier Stevens
Analyzing FireEye Maldocs
2020-10-26 | SANS ISC InfoSec Forums | Didier Stevens
Excel 4 Macros: "Abnormal Sheet Visibility"
2020-09-01 | nviso | Bart Parys, Didier Stevens, Dries Boone, Maxime Thiebaut, Michel Coene
Epic Manchego – atypical maldoc delivery brings flurry of infostealers
Azorult NjRAT
2020-03-23 | SANS ISC | Didier Stevens
KPOT Deployed via AutoIt Script
KPOT Stealer
2019-08-26 | InfoSec Handlers Diary Blog | Didier Stevens
The DAA File Format