Click here to download all references as Bib-File.•
2023-12-08
⋅
Twitter (@embee_research)
⋅
Ghidra Basics - Manual Shellcode Analysis and C2 Extraction Cobalt Strike |
2023-12-06
⋅
Twitter (@embee_research)
⋅
Ghidra Basics - Identifying, Decoding and Fixing Encrypted Strings Vidar |
2023-11-30
⋅
Twitter (@embee_research)
⋅
Advanced Threat Intel Queries - Catching 83 Qakbot Servers with Regex, Censys and TLS Certificates QakBot |
2023-11-27
⋅
Twitter (@embee_research)
⋅
Building Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian) BianLian |
2023-11-26
⋅
Twitter (@embee_research)
⋅
Identifying Suspected PrivateLoader Servers with Censys PrivateLoader |
2023-11-22
⋅
Twitter (@embee_research)
⋅
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples) BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos |
2023-11-19
⋅
Twitter (@embee_research)
⋅
Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike Amadey Cobalt Strike RedLine Stealer SmokeLoader |
2023-11-15
⋅
Twitter (@embee_research)
⋅
Identifying Simple Pivot Points in Malware Infrastructure - RisePro Stealer RedLine Stealer RisePro |
2023-11-06
⋅
Twitter (@embee_research)
⋅
Unpacking Malware With Hardware Breakpoints - Cobalt Strike Cobalt Strike |
2023-11-01
⋅
Twitter (@embee_research)
⋅
Malware Unpacking With Memory Dumps - Intermediate Methods (Pe-Sieve, Process Hacker, Hxd and Pe-bear) AsyncRAT |
2023-10-30
⋅
Twitter (@embee_research)
⋅
Unpacking .NET Malware With Process Hacker and Dnspy AsyncRAT |
2023-10-27
⋅
Twitter (@embee_research)
⋅
Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell Remcos |
2023-10-23
⋅
Twitter (@embee_research)
⋅
Cobalt Strike .VBS Loader - Decoding with Advanced CyberChef and Emulation Cobalt Strike |
2023-10-20
⋅
Twitter (@embee_research)
⋅
Decoding a Cobalt Strike .hta Loader Using CyberChef and Emulation Cobalt Strike |
2023-10-18
⋅
Twitter (@embee_research)
⋅
Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function Cobalt Strike |
2023-10-16
⋅
Twitter (@embee_research)
⋅
Decoding a Simple Visual Basic (.vbs) Script - DarkGate Loader DarkGate |
2023-10-13
⋅
Twitter (@JAMESWT_MHT)
⋅
Tweets on Wikiloader delivering ISFB ISFB WikiLoader |
2023-10-10
⋅
Twitter (@embee_research)
⋅
How To Develop Yara Rules for .NET Malware Using IL ByteCodes RedLine Stealer |
2023-10-05
⋅
Twitter (@embee_research)
⋅
Introduction to DotNet Configuration Extraction - RevengeRAT Revenge RAT |
2023-10-04
⋅
Twitter (@embee_research)
⋅
Developing Yara Signatures for Malware - Practical Examples DarkGate Lu0Bot |