Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-10-23Twitter (@embee_research)Embee_research
Cobalt Strike .VBS Loader - Decoding with Advanced CyberChef and Emulation
Cobalt Strike
2023-10-20Twitter (@embee_research)Embee_research
Decoding a Cobalt Strike .hta Loader Using CyberChef and Emulation
Cobalt Strike
2023-10-18Twitter (@embee_research)Embee_research
Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function
Cobalt Strike
2023-10-16Twitter (@embee_research)Embee_research
Decoding a Simple Visual Basic (.vbs) Script - DarkGate Loader
DarkGate
2023-10-10Twitter (@embee_research)Embee_research
How To Develop Yara Rules for .NET Malware Using IL ByteCodes
RedLine Stealer
2023-10-05Twitter (@embee_research)Embee_research
Introduction to DotNet Configuration Extraction - RevengeRAT
Revenge RAT
2023-10-04Twitter (@embee_research)Embee_research
Developing Yara Signatures for Malware - Practical Examples
DarkGate Lu0Bot
2023-08-23Twitter (@embee_research)Embee_research, Huntress Labs
Extracting Xworm from Bloated Golang Executable
XWorm
2023-07-11Twitter (@embee_research)Embee_research
Tweets on Ransomware Infrastructure Analysis With Censys and GrabbrApp
DarkSide
2023-06-24Twitter (@embee_research)Embee_research
SmokeLoader - Malware Analysis and Decoding With Procmon
SmokeLoader
2023-06-08Twitter (@embee_research)Embee_research
Practical Queries for Identifying Malware Infrastructure: An informal page for storing Censys/Shodan queries
Amadey AsyncRAT Cobalt Strike QakBot Quasar RAT Sliver solarmarker
2023-05-19Twitter (@embee_research)Embee_research
Analysis of Amadey Bot Infrastructure Using Shodan
Amadey
2023-05-18Twitter (@embee_research)Embee_research
Identifying Laplas Infrastructure Using Shodan and Censys
LaplasClipper
2023-05-15embeeresearchEmbee_research
Quasar Rat Analysis - Identification of 64 Quasar Servers Using Shodan and Censys
Quasar RAT
2023-05-07Twitter (@embee_research)Matthew
AgentTesla - Full Loader Analysis - Resolving API Hashes Using Conditional Breakpoints
Agent Tesla
2023-04-10Twitter (@embee_research)Matthew
Redline Stealer - Static Analysis and C2 Extraction
Amadey RedLine Stealer
2023-04-08Twitter (@embee_research)Embee_research
Dcrat - Manual De-obfuscation of .NET Malware
DCRat
2023-02-02YouTube (Embee Research)Embee_research
Xworm Loader Analysis - Decoding Malware Scripts and Extracting C2's with DnSpy and CyberChef
XWorm
2023-01-09YouTube (Embee Research)Embee_research
Malware Analysis - VBS Decoding With Cyberchef (Nanocore Loader)
Nanocore RAT
2022-11-14Twitter (@embee_research)Matthew
Twitter thread on Yara Signatures for Qakbot Encryption Routines
IcedID QakBot
2022-10-12Twitter (@embee_research)Embee_research, Huntress Labs
Tweets on detection of Brute Ratel via API Hashes
Brute Ratel C4
2022-10-11Twitter (@embee_research)Embee_research, Huntress Labs
Tweet on Havoc C2 - Static Detection Via Ntdll API Hashes
Havoc