
2022-03-03 — Medium s2wlab — Jiho Kim
@comment{Medium (s2wlab) post by Jiho Kim on RedLine Stealer, leaked credentials and WCF; English, page retrieved 2022-03-07.}
@online{kim:20220303:deep:3cac6e2,
  author       = {Kim, Jiho},
  title        = {{Deep Analysis of Redline Stealer: Leaked Credential with WCF}},
  organization = {Medium s2wlab},
  date         = {2022-03-03},
  url          = {https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904},
  urldate      = {2022-03-07},
  language     = {English},
}
RedLine Stealer
2022-03-03 — Medium Wes Lambert — Wes Lambert
@comment{Medium post by Wes Lambert on free detection/response orchestration with n8n, Security Onion, TheHive and Velociraptor; English, page retrieved 2022-03-25.}
@online{lambert:20220303:zero:fcfe985,
  author       = {Lambert, Wes},
  title        = {{Zero Dollar Detection and Response Orchestration with n8n, Security Onion, TheHive, and Velociraptor}},
  organization = {Medium Wes Lambert},
  date         = {2022-03-03},
  url          = {https://wlambertts.medium.com/zero-dollar-detection-and-response-orchestration-with-n8n-security-onion-thehive-and-10b5e685e2a1},
  urldate      = {2022-03-25},
  language     = {English},
}
2022-03-01 — Medium whickey000 — Wade Hickey
@comment{Medium post by Wade Hickey on cracking the password of the leaked Conti source-code ZIP; English, page retrieved 2022-03-02.}
@online{hickey:20220301:how:5c93535,
  author       = {Hickey, Wade},
  title        = {{How I Cracked CONTI Ransomware Group’s Leaked Source Code ZIP File}},
  organization = {Medium whickey000},
  date         = {2022-03-01},
  url          = {https://medium.com/@whickey000/how-i-cracked-conti-ransomware-groups-leaked-source-code-zip-file-e15d54663a8},
  urldate      = {2022-03-02},
  language     = {English},
}
Conti
2022-02-28 — Medium arnozobec — Arnaud Zobec
@comment{Medium post by Arnaud Zobec: methodology for analysing the Conti leaks without Russian language skills; English, page retrieved 2022-03-02.}
@online{zobec:20220228:analyzing:4990203,
  author       = {Zobec, Arnaud},
  title        = {{Analyzing conti-leaks without speaking russian — only methodology}},
  organization = {Medium arnozobec},
  date         = {2022-02-28},
  url          = {https://medium.com/@arnozobec/analyzing-conti-leaks-without-speaking-russian-only-methodology-f5aecc594d1b},
  urldate      = {2022-03-02},
  language     = {English},
}
Conti
2022-02-20 — Medium SOCFortress — SOCFortress
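@comment{SOCFortress (vendor blog on Medium) on detecting Cobalt Strike beacons; English, page retrieved 2022-02-26. The author is an organisation, not a person: the name is double-braced so BibTeX/Biber treat it as one indivisible surname and never split, reorder or abbreviate it.}
@online{socfortress:20220220:detecting:5d28c28,
  author       = {{SOCFortress}},
  title        = {{Detecting Cobalt Strike Beacons}},
  organization = {Medium SOCFortress},
  date         = {2022-02-20},
  url          = {https://socfortress.medium.com/detecting-cobalt-strike-beacons-3f8c9fdcb654},
  urldate      = {2022-02-26},
  language     = {English},
}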
Cobalt Strike
2022-02-17 — Medium s2wlab — S2W TALON
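@comment{S2W TALON (s2wlab team blog on Medium) tracking the SugarLocker ransomware and its operator; English, page retrieved 2022-02-19. Two fixes: the bare ampersand in the title is escaped as a backslash-ampersand so LaTeX does not fail with a misplaced alignment tab, and the team name is double-braced as a corporate author so it is not parsed as first name S2W, last name TALON.}
@online{talon:20220217:tracking:5957935,
  author       = {{S2W TALON}},
  title        = {{Tracking SugarLocker ransomware \& operator}},
  organization = {Medium s2wlab},
  date         = {2022-02-17},
  url          = {https://medium.com/s2wblog/tracking-sugarlocker-ransomware-3a3492353c49},
  urldate      = {2022-02-19},
  language     = {English},
}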
Sugar
2022-02-16 — Medium elis531989 — Eli Salem
@comment{Medium post by Eli Salem analysing Bazarloader as a Conti precursor; English, page retrieved 2022-02-17.}
@online{salem:20220216:highway:c1726ea,
  author       = {Salem, Eli},
  title        = {{Highway to Conti: Analysis of Bazarloader}},
  organization = {Medium elis531989},
  date         = {2022-02-16},
  url          = {https://elis531989.medium.com/highway-to-conti-analysis-of-bazarloader-26368765689d},
  urldate      = {2022-02-17},
  language     = {English},
}
BazarBackdoor
2022-02-16 — Medium s2wlab — S2W TALON
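@comment{S2W TALON (s2wlab team blog on Medium) post-mortem of the KlaySwap incident via BGP hijacking, English edition; page retrieved 2022-02-26. The team name is double-braced as a corporate author so it is kept as one unit instead of being split into first name S2W and last name TALON.}
@online{talon:20220216:post:82b63e4,
  author       = {{S2W TALON}},
  title        = {{Post Mortem of KlaySwap Incident through BGP Hijacking | EN}},
  organization = {Medium s2wlab},
  date         = {2022-02-16},
  url          = {https://medium.com/s2wblog/post-mortem-of-klayswap-incident-through-bgp-hijacking-en-3ed7e33de600},
  urldate      = {2022-02-26},
  language     = {English},
}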
2022-02-14 — Medium walmartglobaltech — Jason Reaves, Joshua Platt
@comment{Walmart Global Tech (Medium) post by Jason Reaves and Joshua Platt on PrivateLoader and Anubis Loader; English, page retrieved 2022-08-05.}
@online{reaves:20220214:privateloader:e7e062e,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{PrivateLoader to Anubis Loader}},
  organization = {Medium walmartglobaltech},
  date         = {2022-02-14},
  url          = {https://medium.com/walmartglobaltech/privateloader-to-anubis-loader-55d066a2653e},
  urldate      = {2022-08-05},
  language     = {English},
}
Anubis Loader PrivateLoader
2022-02-04 — Medium tomiwa-xy — Adetomiwa
@comment{Medium post by Adetomiwa (single-name author, kept as given) with a static analysis of the GoldenHelper / Golden Tax malware; English, page retrieved 2022-02-17.}
@online{adetomiwa:20220204:static:86b3c83,
  author       = {Adetomiwa},
  title        = {{Static analysis of Goldenhelper Malware (Golden Tax malware)}},
  organization = {Medium tomiwa-xy},
  date         = {2022-02-04},
  url          = {https://tomiwa-xy.medium.com/static-analysis-of-goldenhelper-malware-golden-tax-malware-d9f85a88e74d},
  urldate      = {2022-02-17},
  language     = {English},
}
GoldenHelper
2022-02-01 — Medium walmartglobaltech — Joshua Platt, Jonathan Mccay, Jason Reaves
@comment{Walmart Global Tech (Medium) post by Joshua Platt, Jonathan Mccay and Jason Reaves introducing the Sugar ransomware-as-a-service; English, page retrieved 2022-02-02.}
@online{platt:20220201:sugar:ba25cd3,
  author       = {Platt, Joshua and Mccay, Jonathan and Reaves, Jason},
  title        = {{Sugar Ransomware, a new RaaS}},
  organization = {Medium walmartglobaltech},
  date         = {2022-02-01},
  url          = {https://medium.com/walmartglobaltech/sugar-ransomware-a-new-raas-a5d94d58d9fb},
  urldate      = {2022-02-02},
  language     = {English},
}
Sugar
2022-01-31 — Medium Sebdraven — Sébastien Larinier
@comment{French-language Medium post by Sébastien Larinier comparing WhisperKill and WhiteBlackCrypt (title is kept in the original French); page retrieved 2022-03-07. UTF-8 accented characters in the author field assume Biber/biblatex.}
@online{larinier:20220131:whisperkill:a46b908,
  author       = {Larinier, Sébastien},
  title        = {{WhisperKill vs WhiteBlackCrypt: un petit soucis de fichiers…}},
  organization = {Medium Sebdraven},
  date         = {2022-01-31},
  url          = {https://sebdraven.medium.com/whisperkill-vs-whiteblackcrypt-un-petit-soucis-de-fichiers-9c4dcd013316},
  urldate      = {2022-03-07},
  language     = {French},
}
WhiteBlackCrypt
2022-01-30 — Medium System Weakness — Medium (Hacktivities)
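@comment{System Weakness (Medium publication) traffic analysis of a Rig exploit kit infection; English, page retrieved 2022-02-02. The author value is a platform handle with a prefix rather than a person name, so it is double-braced as a single corporate/pseudonymous name instead of being parsed as first name Medium, last name (Hacktivities). NOTE(review): the recorded value itself looks like an ingestion artefact; confirm whether the intended author is simply Hacktivities.}
@online{hacktivities:20220130:rig:bcf7a45,
  author       = {{Medium (Hacktivities)}},
  title        = {{Rig Exploitation Kit Infection — Malware Traffic Analysis}},
  organization = {Medium System Weakness},
  date         = {2022-01-30},
  url          = {https://systemweakness.com/rig-exploitation-kit-infection-malware-traffic-analysis-70fd1b430fdc},
  urldate      = {2022-02-02},
  language     = {English},
}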
2022-01-27 — Medium jonahacks — Jon
@comment{Medium post by Jon (single-name author, kept as given) on manually unpacking Redaman; English, page retrieved 2022-04-04. The title is reproduced as published, including the missing space after the em dash.}
@online{jon:20220127:malware:e37a723,
  author       = {Jon},
  title        = {{Malware Analysis —Manual Unpacking of Redaman}},
  organization = {Medium jonahacks},
  date         = {2022-01-27},
  url          = {https://jonahacks.medium.com/malware-analysis-manual-unpacking-of-redaman-ec1782352cfb},
  urldate      = {2022-04-04},
  language     = {English},
}
RTM
2022-01-18 — Medium (Scarlet Shark) — Scarlet Shark
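@comment{Scarlet Shark blog post on updated PerSwaysion threat-actor techniques and infrastructure; English, page retrieved 2022-01-24. The organization field and the blog.scarletshark.com host suggest Scarlet Shark is a blog brand, so the author is double-braced as one corporate/pseudonymous name rather than first name Scarlet, last name Shark. NOTE(review): confirm this is not a personal name before relying on the sort key.}
@online{shark:20220118:perswaysion:df80644,
  author       = {{Scarlet Shark}},
  title        = {{PerSwaysion Threat Actor Updates Their Techniques and Infrastructure}},
  organization = {Medium (Scarlet Shark)},
  date         = {2022-01-18},
  url          = {https://blog.scarletshark.com/perswaysion-threat-actor-updates-their-techniques-and-infrastructure-e9465157a653},
  urldate      = {2022-01-24},
  language     = {English},
}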
2022-01-14 — Medium (Cryptax) — Axelle Apvrille
@comment{Medium (Cryptax) post by Axelle Apvrille on using a multidex trick to unpack Android/BianLian; English, page retrieved 2022-03-30.}
@online{apvrille:20220114:multidex:eaa6c6b,
  author       = {Apvrille, Axelle},
  title        = {{Multidex trick to unpack Android/BianLian}},
  organization = {Medium (Cryptax)},
  date         = {2022-01-14},
  url          = {https://cryptax.medium.com/multidex-trick-to-unpack-android-bianlian-ed52eb791e56},
  urldate      = {2022-03-30},
  language     = {English},
}
BianLian
2022-01-11 — Medium walmartglobaltech — Jason Reaves, Joshua Platt
@comment{Walmart Global Tech (Medium) post by Jason Reaves and Joshua Platt on signed-DLL campaigns offered as a service; English, page retrieved 2022-01-25.}
@online{reaves:20220111:signed:0f32583,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{Signed DLL campaigns as a service}},
  organization = {Medium walmartglobaltech},
  date         = {2022-01-11},
  url          = {https://medium.com/walmartglobaltech/signed-dll-campaigns-as-a-service-7760ac676489},
  urldate      = {2022-01-25},
  language     = {English},
}
Cobalt Strike ISFB Zloader
2022-01-02 — Medium amgedwageh — Amged Wageh
</gr_replreplace>

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

<gr_replace lines="54-54" cat="clarify" orig="2021-12-31victory mediumZach Edwards">
2021-12-31 — victory medium — Zach Edwards
@comment{Medium post by Amged Wageh on automating analysis of an AutoIT script wrapping a Remcos RAT; English, page retrieved 2022-01-25.}
@online{wageh:20220102:automating:90d5701,
  author       = {Wageh, Amged},
  title        = {{Automating The Analysis Of An AutoIT Script That Wraps A Remcos RAT}},
  organization = {Medium amgedwageh},
  date         = {2022-01-02},
  url          = {https://medium.com/@amgedwageh/analysis-of-an-autoit-script-that-wraps-a-remcos-rat-6b5b66075b87},
  urldate      = {2022-01-25},
  language     = {English},
}
Remcos
2021-12-31victory mediumZach Edwards
@comment{Victory Medium post by Zach Edwards on compromised GoDaddy infrastructure used to inject pharmacy-scam promotion into U.S. government websites; English, page retrieved 2022-01-25.}
@online{edwards:20211231:compromised:3ee8044,
  author       = {Edwards, Zach},
  title        = {{Compromised Godaddy Infrastructure Attacking Numerous U.S. Government Websites to Promote “Canadian Pharmacy” Scam Websites}},
  organization = {victory medium},
  date         = {2021-12-31},
  url          = {https://victorymedium.com/godaddy-global-issues-canadian-pharmacy-injections/},
  urldate      = {2022-01-25},
  language     = {English},
}
2021-12-28 — Medium Crovax — Crovax
@comment{Medium post by Crovax (single-name author, kept as given), part 1 of extracting the Hancitor configuration with Ghidra; English, page retrieved 2022-01-25.}
@online{crovax:20211228:extracting:cd05925,
  author       = {Crovax},
  title        = {{Extracting Hancitor’s Configuration with Ghidra part 1}},
  organization = {Medium Crovax},
  date         = {2021-12-28},
  url          = {https://medium.com/@crovax/extracting-hancitors-configuration-with-ghidra-7963900494b5},
  urldate      = {2022-01-25},
  language     = {English},
}
Hancitor