Click here to download all references as Bib-File.•
| 2022-11-05
⋅
cocomelonc
⋅
Malware analysis: part 6. Shannon entropy. Simple python script. |
| 2022-10-28
⋅
cocomelonc
⋅
APT techniques: Token theft via UpdateProcThreadAttribute. Simple C++ example. |
| 2022-09-30
⋅
cocomelonc
⋅
Malware development: persistence - part 12. Accessibility Features. Simple C++ example. |
| 2022-09-25
⋅
cocomelonc
⋅
APT techniques: Access Token manipulation. Token theft. Simple C++ example. |
| 2022-09-20
⋅
Malware development: persistence - part 11. Powershell profile. Simple C++ example. Turla RAT TurlaRPC |
| 2022-09-10
⋅
Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example. SUNBURST |
| 2022-09-06
⋅
cocomelonc
⋅
Malware development tricks: parent PID spoofing. Simple C++ example. Cobalt Strike Konni |
| 2022-08-26
⋅
Malware development: persistence - part 9. Default file extension hijacking. Simple C++ example. Kimsuky |
| 2022-07-30
⋅
Malware AV evasion - part 8. Encode payload via Z85 Agent Tesla Carbanak Carberp Cardinal RAT Cobalt Strike donut_injector |
| 2022-07-21
⋅
Malware development tricks. Run shellcode like a Lazarus Group. C++ example. |
| 2022-06-12
⋅
Malware development: persistence - part 7. Winlogon. Simple C++ example. BazarBackdoor Gazer TurlaRPC Turla SilentMoon |
| 2022-05-22
⋅
cocomelonc
⋅
Malware development trick - part 29: Store binary data in registry. Simple C++ example. Turla RAT PILLOWMINT PipeMon |
| 2022-05-16
⋅
cocomelonc
⋅
Malware development: persistence - part 6. Windows netsh helper DLL. Simple C++ example. CherryPicker POS Ramsay |
| 2022-05-09
⋅
cocomelonc
⋅
Malware development: persistence - part 4. Windows services. Simple C++ example. Anchor AppleJeus Attor BBSRAT BlackEnergy Carbanak Cobalt Strike DuQu |
| 2022-05-02
⋅
cocomelonc
⋅
Malware development: persistence - part 3. COM DLL hijack. Simple C++ example Agent.BTZ Ave Maria Konni Mosquito TurlaRPC |
| 2022-04-26
⋅
cocomelonc
⋅
Malware development: persistence - part 2. Screensaver hijack. C++ example. Gazer |
| 2022-04-20
⋅
cocomelonc
⋅
Malware development: persistence - part 1. Registry run keys. C++ example. Agent Tesla Amadey BlackEnergy Cobian RAT COZYDUKE Emotet Empire Downloader Kimsuky |
| 2022-04-11
⋅
Conti ransomware source code investigation - part 2 Conti |
| 2022-04-02
⋅
Github (cocomelonc)
⋅
Malware development tricks. Find kernel32.dll base: asm style. C++ example. Conti |
| 2022-03-27
⋅
Conti ransomware source code investigation - part 1 Conti |
| 2021-09-06
⋅
cocomelonc
⋅
AV engines evasion for C++ simple malware: part 2 Agent Tesla Amadey Anchor AnchorMTea Carbanak Carberp Cardinal RAT Felixroot Konni Loki Password Stealer (PWS) Maze |
| 2021-09-04
⋅
cocomelonc
⋅
AV engines evasion for C++ simple malware: part 1 4h_rat Azorult BADCALL BadNews BazarBackdoor Cardinal RAT |