Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-08-16Twitter (@ESETresearch)Dominik Breitenbacher, Peter Kálnai
Twitter thread about Operation In(ter)ception for macOS
Interception
2022-07-19Palo Alto Networks Unit 42Mike Harbison, Peter Renals
Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
Cobalt Strike EnvyScout Gdrive
2022-07-14SophosAndrew Brandt, Andy French, Bill Kearney, Elida Leite, Harinder Bhathal, Lee Kirkpatrick, Peter Mackenzie, Robert Weiland, Sergio Bestulic
BlackCat ransomware attacks not merely a byproduct of bad luck
BlackCat BlackCat
2022-07-05Palo Alto Networks Unit 42Mike Harbison, Peter Renals
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
2022-06-06NCC GroupPeter Gurney, Ross Inman
Shining the Light on Black Basta
Black Basta
2022-05-20nccgroupPeter Gurney
Metastealer – filling the Racoon void
MetaStealer
2022-04-12SophosAndrew Brandt, Angela Gunn, Ferenc László Nagy, Johnathan Fern, Linda Smith, Matthew Everts, Mauricio Valdivieso, Melissa Kelly, Peter Mackenzie, Sergio Bestulic
Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit
2021-12-22SophosAnand Ajjan, Andrew Brandt, Ferenc László Nagy, Fraser Howard, Peter Mackenzie, Sergio Bestulic, Timothy Easton
Avos Locker remotely accesses boxes, even running in Safe Mode
AvosLocker
2021-12-20IronNetBrent Eskridge, Michael Leardi, Peter Rydzynski
Detecting anomalous network traffic resulting from a successful Log4j attack
2021-12-16TEAMT5Aragorn Tseng, Charles Li, Peter Syu, Tom Lai
Winnti is Coming - Evolution after Prosecution
Cobalt Strike FishMaster FunnySwitch HIGHNOON ShadowPad Spyder
2021-12-02Palo Alto Networks Unit 42Peter Renals, Robert Falcone
APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus
Godzilla Webshell
2021-11-29CertitudePeter Wagner
Unpatched Exchange Servers distribute Phishing Links (SquirrelWaffle)
Squirrelwaffle
2021-11-16IronNetIronNet Threat Research, Joey Fitzpatrick, Morgan Demboski, Peter Rydzynski
How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware
Cobalt Strike Conti IcedID REvil
2021-11-07Palo Alto Networks Unit 42Jeff White, Peter Renals, Robert Falcone
Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
Godzilla Webshell NGLite
2021-10-12IronNetBrett Fitzpatrick, IronNet Threat Research, Joey Fitzpatrick, Morgan Demboski, Peter Rydzynski
Continued Exploitation of CVE-2021-26084
2021-10-07Aragorn Tseng, Charles Li, Peter Syu, Tom Lai
Evolution after prosecution : Psychedelic APT41
Dizzyvoid
2021-10-07Palo Alto Networks Unit 42Peter Renals
SilverTerrier – Nigerian Business Email Compromise
2021-09-29Trend MicroAliakbar Zahravi, Kamlapati Choubey, Peter Girnus, William Gamazo Sanchez
FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal
Formbook
2021-09-03SophosAnand Ajjan, Andrew Ludgate, Gabor Szappanos, Peter Mackenzie, Sean Gallagher, Sergio Bestulic, Syed Zaidi
Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
Cobalt Strike Conti
2021-08-05Twitter (@AltShiftPrtScn)Peter Mackenzie
Tweet on Conti ransomware affiliates using AnyDesk, Atera, Splashtop, Remote Utilities and ScreenConnect to maintain network access
Conti