Click here to download all references as Bib-File.
| 2022-10-28 ⋅ cocomelonc ⋅ APT techniques: Token theft via UpdateProcThreadAttribute. Simple C++ example. |
| 2022-09-30 ⋅ cocomelonc ⋅ Malware development: persistence - part 12. Accessibility Features. Simple C++ example. |
| 2022-09-25 ⋅ cocomelonc ⋅ APT techniques: Access Token manipulation. Token theft. Simple C++ example. |
| 2022-09-20 ⋅ Malware development: persistence - part 11. Powershell profile. Simple C++ example. Turla RAT TurlaRPC |
| 2022-09-10 ⋅ Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example. SUNBURST |
| 2022-09-06 ⋅ cocomelonc ⋅ Malware development tricks: parent PID spoofing. Simple C++ example. Cobalt Strike Konni |
| 2022-08-26 ⋅ Malware development: persistence - part 9. Default file extension hijacking. Simple C++ example. Kimsuky |
| 2022-07-30 ⋅ Malware AV evasion - part 8. Encode payload via Z85 Agent Tesla Carbanak Carberp Cardinal RAT Cobalt Strike donut_injector |
| 2022-07-21 ⋅ Malware development tricks. Run shellcode like a Lazarus Group. C++ example. |
| 2022-06-12 ⋅ Malware development: persistence - part 7. Winlogon. Simple C++ example. BazarBackdoor Gazer TurlaRPC Turla SilentMoon |
| 2022-05-22 ⋅ cocomelonc ⋅ Malware development trick - part 29: Store binary data in registry. Simple C++ example. Turla RAT PILLOWMINT PipeMon |
| 2022-05-16 ⋅ cocomelonc ⋅ Malware development: persistence - part 6. Windows netsh helper DLL. Simple C++ example. CherryPicker POS Ramsay |
| 2022-05-09 ⋅ cocomelonc ⋅ Malware development: persistence - part 4. Windows services. Simple C++ example. Anchor AppleJeus Attor BBSRAT BlackEnergy Carbanak Cobalt Strike DuQu |
| 2022-05-02 ⋅ cocomelonc ⋅ Malware development: persistence - part 3. COM DLL hijack. Simple C++ example Agent.BTZ Ave Maria Konni Mosquito TurlaRPC |
| 2022-04-26 ⋅ cocomelonc ⋅ Malware development: persistence - part 2. Screensaver hijack. C++ example. Gazer |
| 2022-04-20 ⋅ cocomelonc ⋅ Malware development: persistence - part 1. Registry run keys. C++ example. Agent Tesla Amadey BlackEnergy Cobian RAT COZYDUKE Emotet Empire Downloader Kimsuky |
| 2022-04-11 ⋅ Conti ransomware source code investigation - part 2 Conti |
| 2022-04-02 ⋅ Github (cocomelonc) ⋅ Malware development tricks. Find kernel32.dll base: asm style. C++ example. Conti |
| 2022-03-27 ⋅ Conti ransomware source code investigation - part 1 Conti |
| 2021-09-06 ⋅ cocomelonc ⋅ AV engines evasion for C++ simple malware: part 2 Agent Tesla Amadey Anchor Carbanak Carberp Cardinal RAT Felixroot Konni Loki Password Stealer (PWS) Maze Unidentified 090 (Lazarus) |