2023-11-15 ⋅ Twitter (@embee_research) ⋅ Identifying Simple Pivot Points in Malware Infrastructure - RisePro Stealer RedLine Stealer RisePro
2023-11-06 ⋅ Twitter (@embee_research) ⋅ Unpacking Malware With Hardware Breakpoints - Cobalt Strike Cobalt Strike
2023-11-01 ⋅ Twitter (@embee_research) ⋅ Malware Unpacking With Memory Dumps - Intermediate Methods (Pe-Sieve, Process Hacker, Hxd and Pe-bear) AsyncRAT
2023-10-30 ⋅ Twitter (@embee_research) ⋅ Unpacking .NET Malware With Process Hacker and Dnspy AsyncRAT
2023-10-27 ⋅ Twitter (@embee_research) ⋅ Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell Remcos
2023-10-23 ⋅ Twitter (@embee_research) ⋅ Cobalt Strike .VBS Loader - Decoding with Advanced CyberChef and Emulation Cobalt Strike
2023-10-20 ⋅ Twitter (@embee_research) ⋅ Decoding a Cobalt Strike .hta Loader Using CyberChef and Emulation Cobalt Strike
2023-10-18 ⋅ Twitter (@embee_research) ⋅ Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function Cobalt Strike
2023-10-16 ⋅ Twitter (@embee_research) ⋅ Decoding a Simple Visual Basic (.vbs) Script - DarkGate Loader DarkGate
2023-10-10 ⋅ Twitter (@embee_research) ⋅ How To Develop Yara Rules for .NET Malware Using IL ByteCodes RedLine Stealer
2023-10-05 ⋅ Twitter (@embee_research) ⋅ Introduction to DotNet Configuration Extraction - RevengeRAT Revenge RAT
2023-10-04 ⋅ Twitter (@embee_research) ⋅ Developing Yara Signatures for Malware - Practical Examples DarkGate Lu0Bot
2023-08-23 ⋅ Twitter (@embee_research) ⋅ Extracting Xworm from Bloated Golang Executable XWorm
2023-07-11 ⋅ Twitter (@embee_research) ⋅ Tweets on Ransomware Infrastructure Analysis With Censys and GrabbrApp DarkSide
2023-06-24 ⋅ Twitter (@embee_research) ⋅ SmokeLoader - Malware Analysis and Decoding With Procmon SmokeLoader
2023-06-08 ⋅ Twitter (@embee_research) ⋅ Practical Queries for Identifying Malware Infrastructure: An informal page for storing Censys/Shodan queries Amadey AsyncRAT Cobalt Strike QakBot Quasar RAT Sliver solarmarker
2023-05-19 ⋅ Twitter (@embee_research) ⋅ Analysis of Amadey Bot Infrastructure Using Shodan Amadey
2023-05-18 ⋅ Twitter (@embee_research) ⋅ Identifying Laplas Infrastructure Using Shodan and Censys LaplasClipper
2023-05-07 ⋅ Twitter (@embee_research) ⋅ AgentTesla - Full Loader Analysis - Resolving API Hashes Using Conditional Breakpoints Agent Tesla
2023-04-10 ⋅ Twitter (@embee_research) ⋅ Redline Stealer - Static Analysis and C2 Extraction Amadey RedLine Stealer
2023-04-08 ⋅ Twitter (@embee_research) ⋅ Dcrat - Manual De-obfuscation of .NET Malware DCRat
2022-11-14 ⋅ Twitter (@embee_research) ⋅ Twitter thread on Yara Signatures for Qakbot Encryption Routines IcedID QakBot
2022-10-12 ⋅ Twitter (@embee_research) ⋅ Tweets on detection of Brute Ratel via API Hashes Brute Ratel C4
2022-10-11 ⋅ Twitter (@embee_research) ⋅ Tweet on Havoc C2 - Static Detection Via Ntdll API Hashes Havoc