2021-04-19 ⋅ InfoSec Handlers Diary Blog ⋅ Hunting phishing websites with favicon hashes
2021-04-15 ⋅ Medium BI.ZONE ⋅ Hunting Down MS Exchange Attacks. Part 1. ProxyLogon (CVE-2021-26855, 26858, 27065, 26857)
2021-04-05 ⋅ Huntress Labs ⋅ From PowerShell to Payload: An Analysis of Weaponized Malware
2021-03-25 ⋅ Microsoft ⋅ Web Shell Threat Hunting with Azure Sentinel [CHINACHOPPER]
2021-03-18 ⋅ Github (cisagov) ⋅ CISA Hunt and Incident Response Program (CHIRP) [SUNBURST]
2021-03-18 ⋅ Elastic ⋅ Hunting for Lateral Movement using Event Query Language
2021-03-08 ⋅ Symantec ⋅ How Symantec Stops Microsoft Exchange Server Attacks [CHINACHOPPER, MimiKatz]
2021-03-05 ⋅ Reddit Crowdstrike ⋅ 2021-03-05 - Cool Query Friday - Hunting For Renamed Command Line Programs
2021-03-05 ⋅ Huntress Labs ⋅ Operation Exchange Marauder [CHINACHOPPER]
2021-03-04 ⋅ Huntress Labs ⋅ Operation Exchange Marauder [CHINACHOPPER]
2021-03-03 ⋅ Huntress Labs ⋅ Rapid Response: Mass Exploitation of On-Prem Exchange Servers [CHINACHOPPER, HAFNIUM]
2021-03-03 ⋅ Huntress Labs ⋅ Mass exploitation of on-prem Exchange servers :( [CHINACHOPPER, HAFNIUM]
2021-03-02 ⋅ Github (microsoft) ⋅ Microsoft-365-Defender-Hunting-Queries for hunting Gootkit malware delivery and C2 [GootKit]
2021-03-02 ⋅ Medium Mehmet Ergene ⋅ Hunting for the Behavior: Scheduled Tasks
2021-02-25 ⋅ Microsoft ⋅ CodeQL queries to hunt for Solorigate activity [SUNBURST]
2021-02-25 ⋅ Microsoft ⋅ Microsoft open sources CodeQL queries used to hunt for Solorigate activity [SUNBURST]
2021-02-25 ⋅ BrightTALK (FireEye) ⋅ Light in the Dark: Hunting for SUNBURST [SUNBURST]
2021-02-18 ⋅ Symantec ⋅ Lazarus: Three North Koreans Charged for Financially Motivated Attacks [AppleJeus, POOLRAT, Unidentified macOS 001 (UnionCryptoTrader), AppleJeus, Unidentified 077 (Lazarus Downloader)]
2021-02-16 ⋅ FireEye ⋅ Light in the Dark: Hunting for SUNBURST [SUNBURST]
2021-02-16 ⋅ Google ⋅ TAG Bulletin: Q1 2021