
2021-05-25 | Medium s2wlab | Hyunmin Suh, Denise Dasom Kim, Jungyeon Lim
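@online{suh:20210525:w4:b927684,
  author       = {Suh, Hyunmin and Kim, Denise Dasom and Lim, Jungyeon},
  title        = {{W4} May | {EN} | Story of the week: Ransomware on the Darkweb},
  date         = {2021-05-25},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/w4-may-en-story-of-the-week-ransomware-on-the-darkweb-5f5b8d4c3b6f},
  language     = {English},
  urldate      = {2021-06-16},
}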
Babuk REvil
2021-05-24 | Medium s2wlab | Seunghoe Kim
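@online{kim:20210524:deep:6cef7f7,
  author       = {Kim, Seunghoe},
  title        = {Deep Analysis of {Raccoon Stealer}},
  date         = {2021-05-24},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/deep-analysis-of-raccoon-stealer-5da8cbbc4949},
  language     = {Korean},
  urldate      = {2021-06-16},
}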
Raccoon
2021-05-19 | Medium Mehmet Ergene | Mehmet Ergene
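@online{ergene:20210519:enterprise:f7fb481,
  author       = {Ergene, Mehmet},
  title        = {Enterprise Scale Threat Hunting: Network Beacon Detection with Unsupervised {ML} and {KQL} — Part 2},
  date         = {2021-05-19},
  organization = {Medium Mehmet Ergene},
  url          = {https://mergene.medium.com/enterprise-scale-threat-hunting-network-beacon-detection-with-unsupervised-ml-and-kql-part-2-bff46cfc1e7e},
  language     = {English},
  urldate      = {2021-05-26},
}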
Cobalt Strike
2021-05-18 | Medium (Cryptax) | Axelle Apvrille
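@online{apvrille:20210518:native:350d98f,
  author       = {Apvrille, Axelle},
  title        = {A native packer for {Android/MoqHao}},
  date         = {2021-05-18},
  organization = {Medium (Cryptax)},
  url          = {https://cryptax.medium.com/a-native-packer-for-android-moqhao-6362a8412fe1},
  language     = {English},
  urldate      = {2021-05-19},
}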
MoqHao
2021-05-17 | Medium s2wlab | Hyunmin Suh, Denise Dasom Kim, Jungyeon Lim, YH Jeong
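@online{suh:20210517:w3:0e9b789,
  author       = {Suh, Hyunmin and Kim, Denise Dasom and Lim, Jungyeon and Jeong, YH},
  title        = {{W3} May | {EN} | Story of the week: Code Signing Certificate on the Darkweb},
  date         = {2021-05-17},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wlab/w3-may-en-story-of-the-week-code-signing-certificate-on-the-darkweb-94c7ec437001},
  language     = {English},
  urldate      = {2021-06-16},
}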
Stuxnet
2021-05-12 | Medium Mehmet Ergene | Mehmet Ergene
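@online{ergene:20210512:enterprise:09742df,
  author       = {Ergene, Mehmet},
  title        = {Enterprise Scale Threat Hunting: Network Beacon Detection with Unsupervised {ML} and {KQL} — Part 1},
  date         = {2021-05-12},
  organization = {Medium Mehmet Ergene},
  url          = {https://mergene.medium.com/enterprise-scale-threat-hunting-network-beacon-detection-with-unsupervised-machine-learning-and-277c4c30304f},
  language     = {English},
  urldate      = {2021-05-26},
}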
Cobalt Strike
2021-05-07 | Medium svch0st | svch0st
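@online{svch0st:20210507:stats:11919e5,
  author       = {{svch0st}},
  title        = {Stats from Hunting {Cobalt Strike} Beacons},
  date         = {2021-05-07},
  organization = {Medium svch0st},
  url          = {https://svch0st.medium.com/stats-from-hunting-cobalt-strike-beacons-c17e56255f9b},
  language     = {English},
  urldate      = {2021-05-08},
}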
Cobalt Strike
2021-05-04 | Medium sergiusechel | Sergiu Sechel
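@online{sechel:20210504:improving:ce4da6d,
  author       = {Sechel, Sergiu},
  title        = {Improving the network-based detection of {Cobalt Strike} {C2} servers in the wild while reducing the risk of false positives},
  date         = {2021-05-04},
  organization = {Medium sergiusechel},
  url          = {https://sergiusechel.medium.com/improving-the-network-based-detection-of-cobalt-strike-c2-servers-in-the-wild-while-reducing-the-6964205f6468},
  language     = {English},
  urldate      = {2021-05-04},
}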
Cobalt Strike
2021-05-03 | Medium walmartglobaltech | Joshua Platt, Jason Reaves
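@online{platt:20210503:buerloader:2aa3e3f,
  author       = {Platt, Joshua and Reaves, Jason},
  title        = {{BuerLoader} Updates},
  date         = {2021-05-03},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/buerloader-updates-3e34c1949b96},
  language     = {English},
  urldate      = {2021-05-04},
}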
Buer
2021-04-30 | Medium ateixei | Alex Teixeira
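@online{teixeira:20210430:detecting:70a1053,
  author       = {Teixeira, Alex},
  title        = {Detecting network beacons via {KQL} using simple spread stats functions},
  date         = {2021-04-30},
  organization = {Medium ateixei},
  url          = {https://ateixei.medium.com/detecting-network-beacons-via-kql-using-simple-spread-stats-functions-c2f031b0736b},
  language     = {English},
  urldate      = {2021-05-03},
}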
2021-04-27 | Medium Cedric Owens | Cedric Owens
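@online{owens:20210427:macos:489e558,
  author       = {Owens, Cedric},
  title        = {{macOS} {Gatekeeper} Bypass (2021 Edition)},
  date         = {2021-04-27},
  organization = {Medium Cedric Owens},
  url          = {https://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508},
  language     = {English},
  urldate      = {2021-04-29},
}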
Shlayer
2021-04-26 | Medium testbnull | Min-Chang Jang
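@online{jang:20210426:microsoft:9ccf07e,
  author       = {Jang, Min-Chang},
  title        = {{Microsoft Exchange} From Deserialization to Post-Auth {RCE} ({CVE-2021–28482})},
  date         = {2021-04-26},
  organization = {Medium testbnull},
  url          = {https://testbnull.medium.com/microsoft-exchange-from-deserialization-to-post-auth-rce-cve-2021-28482-e713001d915f},
  language     = {Vietnamese},
  urldate      = {2021-06-07},
}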
2021-04-24 | Medium lordx64 | Taha Karim
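@online{karim:20210424:initial:b6d138f,
  author       = {Karim, Taha},
  title        = {Initial analysis of {PasswordState} supply chain attack backdoor code},
  date         = {2021-04-24},
  organization = {Medium lordx64},
  url          = {https://lordx64.medium.com/initial-analysis-of-passwordstate-supply-chain-attack-backdoor-code-aaff1df389e4},
  language     = {English},
  urldate      = {2021-04-29},
}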
2021-04-20 | Medium Packt | Packt
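@online{packt:20210420:what:e5cdffb,
  author       = {{Packt}},
  title        = {What Is Cyber Threat Intelligence?},
  date         = {2021-04-20},
  organization = {Medium Packt},
  url          = {https://packt.medium.com/what-is-cyber-threat-intelligence-7f369e5d773b},
  language     = {English},
  urldate      = {2021-06-16},
}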
2021-04-20 | Medium walmartglobaltech | Jason Reaves
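@online{reaves:20210420:cobaltstrike:d18d4c4,
  author       = {Reaves, Jason},
  title        = {{CobaltStrike} Stager Utilizing Floating Point Math},
  date         = {2021-04-20},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/cobaltstrike-stager-utilizing-floating-point-math-9bc13f9b9718},
  language     = {English},
  urldate      = {2021-04-20},
}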
Cobalt Strike
2021-04-19 | Medium elis531989 | Eli Salem
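@online{salem:20210419:dancing:7fbe743,
  author       = {Salem, Eli},
  title        = {Dancing With Shellcodes: Cracking the latest version of {Guloader}},
  date         = {2021-04-19},
  organization = {Medium elis531989},
  url          = {https://elis531989.medium.com/dancing-with-shellcodes-cracking-the-latest-version-of-guloader-75083fb15cb4},
  language     = {English},
  urldate      = {2021-04-20},
}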
CloudEyE
2021-04-16 | Medium (Bank Security) | Bank_Security
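@online{banksecurity:20210416:are:88ed36e,
  author       = {{Bank\_Security}},
  title        = {Are the hackers all {Russian}? Results of a 1 year espionage operation in the Top-tier {Russian} underground communities},
  date         = {2021-04-16},
  organization = {Medium (Bank Security)},
  url          = {https://bank-security.medium.com/are-the-hackers-all-russian-363d09a6610},
  language     = {English},
  urldate      = {2021-04-19},
}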
2021-04-15 | Medium BI.ZONE | Anton Medvedev, Vadim Khrykov, Demyan Sokolin
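@online{medvedev:20210415:hunting:d53ca2b,
  author       = {Medvedev, Anton and Khrykov, Vadim and Sokolin, Demyan},
  title        = {Hunting Down {MS Exchange} Attacks. Part 1. {ProxyLogon} ({CVE-2021–26855}, 26858, 27065, 26857)},
  date         = {2021-04-15},
  organization = {Medium BI.ZONE},
  url          = {https://bi-zone.medium.com/hunting-down-ms-exchange-attacks-part-1-proxylogon-cve-2021-26855-26858-27065-26857-6e885c5f197c},
  language     = {English},
  urldate      = {2021-06-21},
}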
2021-04-09 | Medium walmartglobaltech | Jason Reaves
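@online{reaves:20210409:relook:ab87230,
  author       = {Reaves, Jason},
  title        = {A Relook at the {TerraLoader} Dropper {DLL}},
  date         = {2021-04-09},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/a-re-look-at-the-terraloader-dropper-dll-e5947ad6e244},
  language     = {English},
  urldate      = {2021-04-12},
}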
TerraLoader
2021-04-07 | Medium walmartglobaltech | Jason Reaves
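@online{reaves:20210407:not:c28aeef,
  author       = {Reaves, Jason},
  title        = {Not your same old adware anymore, {PBOT} updates},
  date         = {2021-04-07},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/not-your-same-old-adware-anymore-pbot-updates-6d43b159ab35},
  language     = {English},
  urldate      = {2021-04-09},
}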