2022-01-02 | forensicitguy | Tony Lambert
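% Title: only the names Magnitude EK, Appx and Magniber are brace-protected, so a style may recase the rest.
@online{lambert:20220102:analyzing:7f13565,
  author       = {Lambert, Tony},
  title        = {Analyzing a {Magnitude EK} {Appx} Package Dropping {Magniber}},
  date         = {2022-01-02},
  organization = {forensicitguy},
  url          = {https://forensicitguy.github.io/analyzing-magnitude-magniber-appx/},
  language     = {English},
  urldate      = {2022-01-25},
}
Analyzing a Magnitude EK Appx Package Dropping Magniber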
Magniber
2022-01-01 | forensicitguy | Tony Lambert
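% Title: only the family name IcedID is brace-protected, so a style may recase the rest.
@online{lambert:20220101:analyzing:1512a76,
  author       = {Lambert, Tony},
  title        = {Analyzing an {IcedID} Loader Document},
  date         = {2022-01-01},
  organization = {forensicitguy},
  url          = {https://forensicitguy.github.io/analyzing-icedid-document/},
  language     = {English},
  urldate      = {2022-01-25},
}
Analyzing an IcedID Loader Document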
IcedID
2021-12-02 | Red Canary | Tony Lambert
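% Title: only the names KMSPico and Cryptbot are brace-protected, so a style may recase the rest.
@techreport{lambert:20211202:kmspico:4e3afa7,
  author      = {Lambert, Tony},
  title       = {{KMSPico} and {Cryptbot}: A spicy combo},
  date        = {2021-12-02},
  institution = {Red Canary},
  url         = {https://redcanary.com/wp-content/uploads/2021/12/KMSPico-V5.pdf},
  language    = {English},
  urldate     = {2021-12-07},
}
KMSPico and Cryptbot: A spicy combo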
CryptBot
2021-08-05 | Red Canary | Tony Lambert, Brian Donohue, Dan Cotton
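% Title: only the names Dridex, Cobalt Strike and Grief are brace-protected, so a style may recase the rest.
@online{lambert:20210805:when:aeb7b10,
  author       = {Lambert, Tony and Donohue, Brian and Cotton, Dan},
  title        = {When {Dridex} and {Cobalt Strike} give you {Grief}},
  date         = {2021-08-05},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/grief-ransomware/},
  language     = {English},
  urldate      = {2021-09-10},
}
When Dridex and Cobalt Strike give you Grief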
Cobalt Strike DoppelDridex DoppelPaymer
2021-03-09 | Red Canary | Tony Lambert, Brian Donohue, Katie Nickels
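% Title: only the product name Microsoft Exchange is brace-protected, so a style may recase the rest.
@online{lambert:20210309:microsoft:6a37334,
  author       = {Lambert, Tony and Donohue, Brian and Nickels, Katie},
  title        = {{Microsoft Exchange} server exploitation: how to detect, mitigate, and stay calm},
  date         = {2021-03-09},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/microsoft-exchange-attacks},
  language     = {English},
  urldate      = {2021-03-11},
}
Microsoft Exchange server exploitation: how to detect, mitigate, and stay calm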
CHINACHOPPER
2021-02-18 | Red Canary | Tony Lambert
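% Title: only the names Silver Sparrow and macOS are brace-protected, so a style may recase the rest.
% The typographic apostrophe is UTF-8 and is kept exactly as the page gives it.
@online{lambert:20210218:clipping:ec693c2,
  author       = {Lambert, Tony},
  title        = {Clipping {Silver Sparrow}’s wings: Outing {macOS} malware before it takes flight},
  date         = {2021-02-18},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/clipping-silver-sparrows-wings/#technical-analysis},
  language     = {English},
  urldate      = {2021-02-20},
}
Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight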
Silver Sparrow
2021-01-06 | Red Canary | Tony Lambert
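% Title: only the identifier GetSystem is brace-protected, so a style may recase the rest.
@online{lambert:20210106:hunting:272410b,
  author       = {Lambert, Tony},
  title        = {Hunting for {GetSystem} in offensive security tools},
  date         = {2021-01-06},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/getsystem-offsec/},
  language     = {English},
  urldate      = {2021-01-11},
}
Hunting for GetSystem in offensive security tools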
Cobalt Strike Empire Downloader Meterpreter PoshC2
2020-07-22 | Red Canary | Tony Lambert
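% Title: only the names Kinsing, Citrix and SaltStack are brace-protected, so a style may recase the rest.
@online{lambert:20200722:connecting:eb1b19a,
  author       = {Lambert, Tony},
  title        = {Connecting {Kinsing} malware to {Citrix} and {SaltStack} campaigns},
  date         = {2020-07-22},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/kinsing-malware-citrix-saltstack/},
  language     = {English},
  urldate      = {2020-07-30},
}
Connecting Kinsing malware to Citrix and SaltStack campaigns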
Kinsing
2020-05-07 | Red Canary | Tony Lambert
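% Title: only the name Blue Mockingbird is brace-protected, so a style may recase the rest.
@online{lambert:20200507:introducing:04e15eb,
  author       = {Lambert, Tony},
  title        = {Introducing {Blue Mockingbird}},
  date         = {2020-05-07},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/blue-mockingbird-cryptominer/},
  language     = {English},
  urldate      = {2020-06-02},
}
Introducing Blue Mockingbird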
2019-05-01 | Red Canary | Tony Lambert
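% Title: only the family name FrameworkPOS is brace-protected, so a style may recase the rest.
@online{lambert:20190501:frameworkpos:376a823,
  author       = {Lambert, Tony},
  title        = {{FrameworkPOS} and the adequate persistent threat},
  date         = {2019-05-01},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/frameworkpos-and-the-adequate-persistent-threat/},
  language     = {English},
  urldate      = {2020-01-29},
}
FrameworkPOS and the adequate persistent threat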
Grateful POS