
2022-10-28cocomelonccocomelonc
@online{cocomelonc:20221028:techniques:0ea2e5c,
  author       = {cocomelonc},
  title        = {{APT techniques: Token theft via UpdateProcThreadAttribute. Simple C++ example.}},
  date         = {2022-10-28},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/tutorial/2022/10/28/token-theft-2.html},
  urldate      = {2022-11-11},
  language     = {English},
}
APT techniques: Token theft via UpdateProcThreadAttribute. Simple C++ example.
2022-09-30cocomelonccocomelonc
@online{cocomelonc:20220930:malware:eb2f3c8,
  author       = {cocomelonc},
  title        = {{Malware development: persistence - part 12. Accessibility Features. Simple C++ example.}},
  date         = {2022-09-30},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/malware/2022/09/30/malware-pers-12.html},
  urldate      = {2022-10-14},
  language     = {English},
}
Malware development: persistence - part 12. Accessibility Features. Simple C++ example.
2022-09-25cocomelonccocomelonc
@online{cocomelonc:20220925:techniques:3e88b21,
  author       = {cocomelonc},
  title        = {{APT techniques: Access Token manipulation. Token theft. Simple C++ example.}},
  date         = {2022-09-25},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/tutorial/2022/09/25/token-theft-1.html},
  urldate      = {2022-11-10},
  language     = {English},
}
APT techniques: Access Token manipulation. Token theft. Simple C++ example.
2022-09-20cocomelonc
@online{cocomelonc:20220920:malware:c0e9c97,
  author   = {cocomelonc},
  title    = {{Malware development: persistence - part 11. Powershell profile. Simple C++ example.}},
  date     = {2022-09-20},
  url      = {https://cocomelonc.github.io/malware/2022/09/20/malware-pers-11.html},
  urldate  = {2022-10-19},
  language = {English},
}
Malware development: persistence - part 11. Powershell profile. Simple C++ example.
Turla RAT TurlaRPC
2022-09-10cocomelonc
@online{cocomelonc:20220910:malware:edaf050,
  author   = {cocomelonc},
  title    = {{Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example.}},
  date     = {2022-09-10},
  url      = {https://cocomelonc.github.io/malware/2022/09/10/malware-pers-10.html},
  urldate  = {2022-10-19},
  language = {English},
}
Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example.
SUNBURST
2022-09-06cocomelonccocomelonc
@online{cocomelonc:20220906:malware:a09756f,
  author       = {cocomelonc},
  title        = {{Malware development tricks: parent PID spoofing. Simple C++ example.}},
  date         = {2022-09-06},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/malware/2022/09/06/malware-tricks-23.html},
  urldate      = {2022-11-17},
  language     = {English},
}
Malware development tricks: parent PID spoofing. Simple C++ example.
Cobalt Strike Konni
2022-08-26cocomelonc
@online{cocomelonc:20220826:malware:c330f1e,
  author   = {cocomelonc},
  title    = {{Malware development: persistence - part 9. Default file extension hijacking. Simple C++ example.}},
  date     = {2022-08-26},
  url      = {https://cocomelonc.github.io/malware/2022/08/26/malware-pers-9.html},
  urldate  = {2022-12-01},
  language = {English},
}
Malware development: persistence - part 9. Default file extension hijacking. Simple C++ example.
Kimsuky
2022-07-30cocomelonc
@online{cocomelonc:20220730:malware:0f84be1,
  author   = {cocomelonc},
  title    = {{Malware AV evasion - part 8. Encode payload via Z85}},
  date     = {2022-07-30},
  url      = {https://cocomelonc.github.io/malware/2022/07/30/malware-av-evasion-8.html},
  urldate  = {2022-12-01},
  language = {English},
}
Malware AV evasion - part 8. Encode payload via Z85
Agent Tesla Carbanak Carberp Cardinal RAT Cobalt Strike donut_injector
2022-07-21cocomelonc
@online{cocomelonc:20220721:malware:b5c2a4d,
  author   = {cocomelonc},
  title    = {{Malware development tricks. Run shellcode like a Lazarus Group. C++ example.}},
  date     = {2022-07-21},
  url      = {https://cocomelonc.github.io/malware/2022/07/21/malware-tricks-22.html},
  urldate  = {2022-10-17},
  language = {English},
}
Malware development tricks. Run shellcode like a Lazarus Group. C++ example.
2022-06-12cocomelonc
@online{cocomelonc:20220612:malware:e988236,
  author   = {cocomelonc},
  title    = {{Malware development: persistence - part 7. Winlogon. Simple C++ example.}},
  date     = {2022-06-12},
  url      = {https://cocomelonc.github.io/tutorial/2022/06/12/malware-pers-7.html},
  urldate  = {2022-12-01},
  language = {English},
}
Malware development: persistence - part 7. Winlogon. Simple C++ example.
BazarBackdoor Gazer TurlaRPC Turla SilentMoon
2022-05-22cocomelonccocomelonc
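@online{cocomelonc:20220522:malware:b0a0669,
  author        = {cocomelonc},
  title         = {{Malware development trick - part 29: Store binary data in registry. Simple C++ example.}},
  date          = {2022-05-22},
  organization  = {cocomelonc},
  url           = {https://cocomelonc.github.io/malware/2023/05/22/malware-tricks-29.html},
  urldate       = {2023-05-23},
  language      = {English},
  internal-note = {date and citation key say 2022-05-22, but the url path carries 2023/05/22 and urldate is 2023-05-23; verify the publication date before relying on the date field},
}
Malware development trick - part 29: Store binary data in registry. Simple C++ example.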
Turla RAT PILLOWMINT PipeMon
2022-05-16cocomelonccocomelonc
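@online{cocomelonc:20220516:malware:ae31bde,
  author        = {cocomelonc},
  title         = {{Malware development: persistence - part 6. Windows netsh helper DLL. Simple C++ example.}},
  date          = {2022-05-16},
  organization  = {cocomelonc},
  url           = {https://cocomelonc.github.io/tutorial/2022/05/16/malware-pers-5.html},
  urldate       = {2022-12-01},
  language      = {English},
  internal-note = {title says persistence part 6 while the url slug is malware-pers-5 (sibling entries use pers-N matching part N); confirm the url resolves to the part 6 post},
}
Malware development: persistence - part 6. Windows netsh helper DLL. Simple C++ example.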
CherryPicker POS Ramsay
2022-05-09cocomelonccocomelonc
@online{cocomelonc:20220509:malware:1cdee23,
  author       = {cocomelonc},
  title        = {{Malware development: persistence - part 4. Windows services. Simple C++ example.}},
  date         = {2022-05-09},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/tutorial/2022/05/09/malware-pers-4.html},
  urldate      = {2022-12-01},
  language     = {English},
}
Malware development: persistence - part 4. Windows services. Simple C++ example.
Anchor AppleJeus Attor BBSRAT BlackEnergy Carbanak Cobalt Strike DuQu
2022-05-02cocomelonccocomelonc
@online{cocomelonc:20220502:malware:4384b01,
  author       = {cocomelonc},
  title        = {{Malware development: persistence - part 3. COM DLL hijack. Simple C++ example}},
  date         = {2022-05-02},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/tutorial/2022/05/02/malware-pers-3.html},
  urldate      = {2022-12-01},
  language     = {English},
}
Malware development: persistence - part 3. COM DLL hijack. Simple C++ example
Agent.BTZ Ave Maria Konni Mosquito TurlaRPC
2022-04-26cocomelonccocomelonc
@online{cocomelonc:20220426:malware:a69279c,
  author       = {cocomelonc},
  title        = {{Malware development: persistence - part 2. Screensaver hijack. C++ example.}},
  date         = {2022-04-26},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/tutorial/2022/04/26/malware-pers-2.html},
  urldate      = {2022-12-01},
  language     = {English},
}
Malware development: persistence - part 2. Screensaver hijack. C++ example.
Gazer
2022-04-20cocomelonccocomelonc
@online{cocomelonc:20220420:malware:b20963e,
  author       = {cocomelonc},
  title        = {{Malware development: persistence - part 1. Registry run keys. C++ example.}},
  date         = {2022-04-20},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/tutorial/2022/04/20/malware-pers-1.html},
  urldate      = {2022-12-01},
  language     = {English},
}
Malware development: persistence - part 1. Registry run keys. C++ example.
Agent Tesla Amadey BlackEnergy Cobian RAT COZYDUKE Emotet Empire Downloader Kimsuky
2022-04-11cocomelonc
@online{cocomelonc:20220411:conti:a30496a,
  author   = {cocomelonc},
  title    = {{Conti ransomware source code investigation - part 2}},
  date     = {2022-04-11},
  url      = {https://cocomelonc.github.io/investigation/2022/04/11/malw-inv-conti-2.html},
  urldate  = {2022-09-27},
  language = {English},
}
Conti ransomware source code investigation - part 2
Conti
2022-04-02Github (cocomelonc)cocomelonc
@online{cocomelonc:20220402:malware:48c405d,
  author       = {cocomelonc},
  title        = {{Malware development tricks. Find kernel32.dll base: asm style. C++ example.}},
  date         = {2022-04-02},
  organization = {Github (cocomelonc)},
  url          = {https://cocomelonc.github.io/tutorial/2022/04/02/malware-injection-18.html},
  urldate      = {2022-04-07},
  language     = {English},
}
Malware development tricks. Find kernel32.dll base: asm style. C++ example.
Conti
2022-03-27cocomelonc
@online{cocomelonc:20220327:conti:07dddfb,
  author   = {cocomelonc},
  title    = {{Conti ransomware source code investigation - part 1}},
  date     = {2022-03-27},
  url      = {https://cocomelonc.github.io/investigation/2022/03/27/malw-inv-conti-1.html},
  urldate  = {2022-09-27},
  language = {English},
}
Conti ransomware source code investigation - part 1
Conti
2021-09-06cocomelonccocomelonc
@online{cocomelonc:20210906:av:215e5aa,
  author       = {cocomelonc},
  title        = {{AV engines evasion for C++ simple malware: part 2}},
  date         = {2021-09-06},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/tutorial/2021/09/06/simple-malware-av-evasion-2.html},
  urldate      = {2022-11-28},
  language     = {English},
}
AV engines evasion for C++ simple malware: part 2
Agent Tesla Amadey Anchor Carbanak Carberp Cardinal RAT Felixroot Konni Loki Password Stealer (PWS) Maze Unidentified 090 (Lazarus)