Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-08-24CitizenLabBill Marczak, Ali Abdulemam, Noura Al-Jizawi, Siena Anstis, Kristin Berdan, John Scott-Railton, Ron Deibert
@online{marczak:20210824:from:6363bde, author = {Bill Marczak and Ali Abdulemam and Noura Al-Jizawi and Siena Anstis and Kristin Berdan and John Scott-Railton and Ron Deibert}, title = {{From Pearl to Pegasus Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits}}, date = {2021-08-24}, organization = {CitizenLab}, url = {https://citizenlab.ca/2021/08/bahrain-hacks-activists-with-nso-group-zero-click-iphone-exploits/}, language = {English}, urldate = {2021-08-24} } From Pearl to Pegasus Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits
Chrysaor
2021-08-19Huntress LabsJohn Hammond
@online{hammond:20210819:microsoft:a25f571, author = {John Hammond}, title = {{Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit}}, date = {2021-08-19}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/rapid-response-microsoft-exchange-servers-still-vulnerable-to-proxyshell-exploit}, language = {English}, urldate = {2021-08-25} } Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit
2021-07-27Youtube (SANS Institute)Katie Nickels, John Hammond
@online{nickels:20210727:sans:7432e9e, author = {Katie Nickels and John Hammond}, title = {{SANS Threat Analysis Rundown - Kaseya VSA attack}}, date = {2021-07-27}, organization = {Youtube (SANS Institute)}, url = {https://www.youtube.com/watch?v=tZVFMVm5GAk}, language = {English}, urldate = {2021-08-02} } SANS Threat Analysis Rundown - Kaseya VSA attack
REvil
2021-07-20Huntress LabsJohn Hammond
@online{hammond:20210720:security:50ec27a, author = {John Hammond}, title = {{Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident}}, date = {2021-07-20}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/security-researchers-hunt-to-discover-origins-of-the-kaseya-vsa-mass-ransomware-incident}, language = {English}, urldate = {2021-07-26} } Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident
REvil
2021-07-19Washington PostJohn Hudson, Ellen Nakashima
@online{hudson:20210719:us:37c4208, author = {John Hudson and Ellen Nakashima}, title = {{U.S., allies accuse China of hacking Microsoft and condoning other cyberattacks (APT40)}}, date = {2021-07-19}, organization = {Washington Post}, url = {https://www.washingtonpost.com/national-security/microsoft-hack-china-biden-nato/2021/07/19/a90ac7b4-e827-11eb-84a2-d93bc0b50294_story.html}, language = {English}, urldate = {2021-07-24} } U.S., allies accuse China of hacking Microsoft and condoning other cyberattacks (APT40)
2021-07-18CitizenLabBill Marczak, John Scott-Railton, Siena Anstis, Ron Deibert
@online{marczak:20210718:independent:f943436, author = {Bill Marczak and John Scott-Railton and Siena Anstis and Ron Deibert}, title = {{Independent Peer Review of Amnesty International’s Forensic Methods for Identifying Pegasus Spyware}}, date = {2021-07-18}, organization = {CitizenLab}, url = {https://citizenlab.ca/2021/07/amnesty-peer-review/}, language = {English}, urldate = {2021-07-21} } Independent Peer Review of Amnesty International’s Forensic Methods for Identifying Pegasus Spyware
Chrysaor
2021-07-15CitizenLabBill Marczak, John Scott-Railton, Kristin Berdan, Bahr Abdul Razzak, Ron Deibert
@online{marczak:20210715:hooking:7f3adbe, author = {Bill Marczak and John Scott-Railton and Kristin Berdan and Bahr Abdul Razzak and Ron Deibert}, title = {{Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus}}, date = {2021-07-15}, organization = {CitizenLab}, url = {https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/}, language = {English}, urldate = {2021-07-20} } Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus
Chainshot
2021-07-14Medium TowardsDataScienceJohn “Turbo” Conwell
@online{conwell:20210714:domain:c0fbbdd, author = {John “Turbo” Conwell}, title = {{Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors}}, date = {2021-07-14}, organization = {Medium TowardsDataScience}, url = {https://towardsdatascience.com/domain-blooms-identifying-domain-name-themes-targeted-by-threat-actors-70942fe506d4}, language = {English}, urldate = {2021-07-20} } Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors
2021-07-13YouTube (John Hammond)John Hammond
@online{hammond:20210713:jscript:ba194e0, author = {John Hammond}, title = {{JScript Deobfuscation - More WSHRAT (Malware Analysis)}}, date = {2021-07-13}, organization = {YouTube (John Hammond)}, url = {https://www.youtube.com/watch?v=XDAiS6KBDOs}, language = {English}, urldate = {2021-07-26} } JScript Deobfuscation - More WSHRAT (Malware Analysis)
Houdini
2021-07-06paloalto Networks Unit 42John Martineau
@online{martineau:20210706:understanding:b8b39b6, author = {John Martineau}, title = {{Understanding REvil: The Ransomware Gang Behind the Kaseya Attack}}, date = {2021-07-06}, organization = {paloalto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/revil-threat-actors/}, language = {English}, urldate = {2021-07-08} } Understanding REvil: The Ransomware Gang Behind the Kaseya Attack
Gandcrab REvil
2021-06-01SpecterOpsJonathan Johnson
@online{johnson:20210601:evadere:68fba5e, author = {Jonathan Johnson}, title = {{Evadere Classifications}}, date = {2021-06-01}, organization = {SpecterOps}, url = {https://posts.specterops.io/evadere-classifications-8851a429c94b}, language = {English}, urldate = {2021-06-09} } Evadere Classifications
2021-05-18SophosJohn Shier, Mat Gangwer, Greg Iddon, Peter Mackenzie
@online{shier:20210518:active:f313ac5, author = {John Shier and Mat Gangwer and Greg Iddon and Peter Mackenzie}, title = {{The Active Adversary Playbook 2021}}, date = {2021-05-18}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/05/18/the-active-adversary-playbook-2021/?cmp=37153}, language = {English}, urldate = {2021-05-25} } The Active Adversary Playbook 2021
Cobalt Strike MimiKatz
2021-05-13DomainToolsTim Helming, John “Turbo” Conwell
@online{helming:20210513:domain:792cc58, author = {Tim Helming and John “Turbo” Conwell}, title = {{Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors}}, date = {2021-05-13}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/domain-blooms-identifying-domain-name-themes-targeted-by-threat-actors}, language = {English}, urldate = {2021-05-17} } Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors
2021-04-22splunkJohn Stoner, Mick Baccio, Katie Brown, James Brodsky, Drew Church, Dave Herrald, Ryan Kovar, Marcus LaFerrera, Michael Natkin
@online{stoner:20210422:supernova:53b895c, author = {John Stoner and Mick Baccio and Katie Brown and James Brodsky and Drew Church and Dave Herrald and Ryan Kovar and Marcus LaFerrera and Michael Natkin}, title = {{SUPERNOVA Redux, with a Generous Portion of Masquerading}}, date = {2021-04-22}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/supernova-redux-with-a-generous-portion-of-masquerading.html}, language = {English}, urldate = {2021-04-28} } SUPERNOVA Redux, with a Generous Portion of Masquerading
SUPERNOVA
2021-04-21splunkDave Herrald, Mick Baccio, James Brodsky, Tamara Chacon, Shannon Davis, Kelly Huang, Ryan Kovar, Marcus LaFerrerra, Michael Natkin, John Stoner, Bill Wright
@online{herrald:20210421:monitoring:088de4c, author = {Dave Herrald and Mick Baccio and James Brodsky and Tamara Chacon and Shannon Davis and Kelly Huang and Ryan Kovar and Marcus LaFerrerra and Michael Natkin and John Stoner and Bill Wright}, title = {{Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)}}, date = {2021-04-21}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/monitoring-pulse-connect-secure-with-splunk-cisa-emergency-directive-21-03.html}, language = {English}, urldate = {2021-04-28} } Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)
2021-04-05Huntress LabsJohn Hammond
@online{hammond:20210405:from:6062bef, author = {John Hammond}, title = {{From PowerShell to Payload: An Analysis of Weaponized Malware}}, date = {2021-04-05}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/from-powershell-to-payload-an-analysis-of-weaponized-malware}, language = {English}, urldate = {2021-05-26} } From PowerShell to Payload: An Analysis of Weaponized Malware
2021-03-26ImpervaDaniel Johnston
@online{johnston:20210326:imperva:a78367a, author = {Daniel Johnston}, title = {{Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures}}, date = {2021-03-26}, organization = {Imperva}, url = {https://www.imperva.com/blog/imperva-observes-hive-of-activity-following-hafnium-microsoft-exchange-disclosures/}, language = {English}, urldate = {2021-03-30} } Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures
CHINACHOPPER
2021-03-12splunkJohn Stoner, Mick Baccio, James Brodsky, Shannon Davis, Michael Haag, Amy Heng, Jose Hernandez, Dave Herrald, Derek King, Ryan Kovar, Marcus LaFerrera
@online{stoner:20210312:detecting:b7b189e, author = {John Stoner and Mick Baccio and James Brodsky and Shannon Davis and Michael Haag and Amy Heng and Jose Hernandez and Dave Herrald and Derek King and Ryan Kovar and Marcus LaFerrera}, title = {{Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…}}, date = {2021-03-12}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-microsoft-exchange-vulnerabilities-0-8-days-later.html}, language = {English}, urldate = {2021-03-16} } Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…
2021-03-09YouTube (John Hammond)John Hammond
@online{hammond:20210309:hafnium:dc2de8d, author = {John Hammond}, title = {{HAFNIUM - Post-Exploitation Analysis from Microsoft Exchange}}, date = {2021-03-09}, organization = {YouTube (John Hammond)}, url = {https://www.youtube.com/watch?v=rn-6t7OygGk}, language = {English}, urldate = {2021-03-12} } HAFNIUM - Post-Exploitation Analysis from Microsoft Exchange
CHINACHOPPER
2021-03-03Huntress LabsJohn Hammond
@online{hammond:20210303:rapid:7c97ee5, author = {John Hammond}, title = {{Rapid Response: Mass Exploitation of On-Prem Exchange Servers}}, date = {2021-03-03}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/rapid-response-mass-exploitation-of-on-prem-exchange-servers}, language = {English}, urldate = {2021-03-10} } Rapid Response: Mass Exploitation of On-Prem Exchange Servers
CHINACHOPPER HAFNIUM