2021-07-18 | CitizenLab | Bill Marczak, John Scott-Railton, Siena Anstis, Ron Deibert
@online{marczak:20210718:independent:f943436,
  author       = {Bill Marczak and John Scott-Railton and Siena Anstis and Ron Deibert},
  title        = {{Independent Peer Review of Amnesty International’s Forensic Methods for Identifying Pegasus Spyware}},
  date         = {2021-07-18},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2021/07/amnesty-peer-review/},
  language     = {English},
  urldate      = {2021-07-21},
}
Independent Peer Review of Amnesty International’s Forensic Methods for Identifying Pegasus Spyware
Chrysaor
2021-07-15 | CitizenLab | Bill Marczak, John Scott-Railton, Kristin Berdan, Bahr Abdul Razzak, Ron Deibert
@online{marczak:20210715:hooking:7f3adbe,
  author       = {Bill Marczak and John Scott-Railton and Kristin Berdan and Bahr Abdul Razzak and Ron Deibert},
  title        = {{Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus}},
  date         = {2021-07-15},
  organization = {CitizenLab},
  url          = {https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/},
  language     = {English},
  urldate      = {2021-07-20},
}
Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus
Chainshot
2021-07-14 | Medium TowardsDataScience | John “Turbo” Conwell
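% Author given in "Last, First" form so the quoted nickname stays in the
% given-name part and the surname is unambiguous to the name parser.
@online{conwell:20210714:domain:c0fbbdd,
  author       = {Conwell, John “Turbo”},
  title        = {{Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors}},
  date         = {2021-07-14},
  organization = {Medium TowardsDataScience},
  url          = {https://towardsdatascience.com/domain-blooms-identifying-domain-name-themes-targeted-by-threat-actors-70942fe506d4},
  language     = {English},
  urldate      = {2021-07-20},
}
Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors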
2021-07-13 | YouTube (John Hammond) | John Hammond
@online{hammond:20210713:jscript:ba194e0,
  author       = {John Hammond},
  title        = {{JScript Deobfuscation - More WSHRAT (Malware Analysis)}},
  date         = {2021-07-13},
  organization = {YouTube (John Hammond)},
  url          = {https://www.youtube.com/watch?v=XDAiS6KBDOs},
  language     = {English},
  urldate      = {2021-07-26},
}
JScript Deobfuscation - More WSHRAT (Malware Analysis)
Houdini
2021-07-06 | paloalto Networks Unit 42 | John Martineau
@online{martineau:20210706:understanding:b8b39b6,
  author       = {John Martineau},
  title        = {{Understanding REvil: The Ransomware Gang Behind the Kaseya Attack}},
  date         = {2021-07-06},
  organization = {paloalto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/revil-threat-actors/},
  language     = {English},
  urldate      = {2021-07-08},
}
Understanding REvil: The Ransomware Gang Behind the Kaseya Attack
Gandcrab REvil
2021-06-01 | SpecterOps | Jonathan Johnson
@online{johnson:20210601:evadere:68fba5e,
  author       = {Jonathan Johnson},
  title        = {{Evadere Classifications}},
  date         = {2021-06-01},
  organization = {SpecterOps},
  url          = {https://posts.specterops.io/evadere-classifications-8851a429c94b},
  language     = {English},
  urldate      = {2021-06-09},
}
Evadere Classifications
2021-05-18 | Sophos | John Shier, Mat Gangwer, Greg Iddon, Peter Mackenzie
@online{shier:20210518:active:f313ac5,
  author       = {John Shier and Mat Gangwer and Greg Iddon and Peter Mackenzie},
  title        = {{The Active Adversary Playbook 2021}},
  date         = {2021-05-18},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2021/05/18/the-active-adversary-playbook-2021/?cmp=37153},
  language     = {English},
  urldate      = {2021-05-25},
}
The Active Adversary Playbook 2021
Cobalt Strike MimiKatz
2021-05-13 | DomainTools | Tim Helming, John “Turbo” Conwell
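% Authors given in "Last, First" form so the quoted nickname stays in the
% given-name part and each surname is unambiguous to the name parser.
@online{helming:20210513:domain:792cc58,
  author       = {Helming, Tim and Conwell, John “Turbo”},
  title        = {{Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors}},
  date         = {2021-05-13},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/domain-blooms-identifying-domain-name-themes-targeted-by-threat-actors},
  language     = {English},
  urldate      = {2021-05-17},
}
Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors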
2021-04-22 | splunk | John Stoner, Mick Baccio, Katie Brown, James Brodsky, Drew Church, Dave Herrald, Ryan Kovar, Marcus LaFerrera, Michael Natkin
@online{stoner:20210422:supernova:53b895c,
  author       = {John Stoner and Mick Baccio and Katie Brown and James Brodsky and Drew Church and Dave Herrald and Ryan Kovar and Marcus LaFerrera and Michael Natkin},
  title        = {{SUPERNOVA Redux, with a Generous Portion of Masquerading}},
  date         = {2021-04-22},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/supernova-redux-with-a-generous-portion-of-masquerading.html},
  language     = {English},
  urldate      = {2021-04-28},
}
SUPERNOVA Redux, with a Generous Portion of Masquerading
SUPERNOVA
2021-04-21 | splunk | Dave Herrald, Mick Baccio, James Brodsky, Tamara Chacon, Shannon Davis, Kelly Huang, Ryan Kovar, Marcus LaFerrera, Michael Natkin, John Stoner, Bill Wright
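% Author surname corrected from "LaFerrerra" to "LaFerrera", the spelling used
% by the other Splunk entries in this library, so the same person is not
% indexed under two names.
@online{herrald:20210421:monitoring:088de4c,
  author       = {Dave Herrald and Mick Baccio and James Brodsky and Tamara Chacon and Shannon Davis and Kelly Huang and Ryan Kovar and Marcus LaFerrera and Michael Natkin and John Stoner and Bill Wright},
  title        = {{Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)}},
  date         = {2021-04-21},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/monitoring-pulse-connect-secure-with-splunk-cisa-emergency-directive-21-03.html},
  language     = {English},
  urldate      = {2021-04-28},
}
Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)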
2021-04-05 | Huntress Labs | John Hammond
@online{hammond:20210405:from:6062bef,
  author       = {John Hammond},
  title        = {{From PowerShell to Payload: An Analysis of Weaponized Malware}},
  date         = {2021-04-05},
  organization = {Huntress Labs},
  url          = {https://www.huntress.com/blog/from-powershell-to-payload-an-analysis-of-weaponized-malware},
  language     = {English},
  urldate      = {2021-05-26},
}
From PowerShell to Payload: An Analysis of Weaponized Malware
2021-03-26 | Imperva | Daniel Johnston
@online{johnston:20210326:imperva:a78367a,
  author       = {Daniel Johnston},
  title        = {{Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures}},
  date         = {2021-03-26},
  organization = {Imperva},
  url          = {https://www.imperva.com/blog/imperva-observes-hive-of-activity-following-hafnium-microsoft-exchange-disclosures/},
  language     = {English},
  urldate      = {2021-03-30},
}
Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures
CHINACHOPPER
2021-03-12 | splunk | John Stoner, Mick Baccio, James Brodsky, Shannon Davis, Michael Haag, Amy Heng, Jose Hernandez, Dave Herrald, Derek King, Ryan Kovar, Marcus LaFerrera
@online{stoner:20210312:detecting:b7b189e,
  author       = {John Stoner and Mick Baccio and James Brodsky and Shannon Davis and Michael Haag and Amy Heng and Jose Hernandez and Dave Herrald and Derek King and Ryan Kovar and Marcus LaFerrera},
  title        = {{Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…}},
  date         = {2021-03-12},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/detecting-microsoft-exchange-vulnerabilities-0-8-days-later.html},
  language     = {English},
  urldate      = {2021-03-16},
}
Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…
2021-03-09 | YouTube (John Hammond) | John Hammond
@online{hammond:20210309:hafnium:dc2de8d,
  author       = {John Hammond},
  title        = {{HAFNIUM - Post-Exploitation Analysis from Microsoft Exchange}},
  date         = {2021-03-09},
  organization = {YouTube (John Hammond)},
  url          = {https://www.youtube.com/watch?v=rn-6t7OygGk},
  language     = {English},
  urldate      = {2021-03-12},
}
HAFNIUM - Post-Exploitation Analysis from Microsoft Exchange
CHINACHOPPER
2021-03-03 | Huntress Labs | John Hammond
@online{hammond:20210303:rapid:7c97ee5,
  author       = {John Hammond},
  title        = {{Rapid Response: Mass Exploitation of On-Prem Exchange Servers}},
  date         = {2021-03-03},
  organization = {Huntress Labs},
  url          = {https://www.huntress.com/blog/rapid-response-mass-exploitation-of-on-prem-exchange-servers},
  language     = {English},
  urldate      = {2021-03-10},
}
Rapid Response: Mass Exploitation of On-Prem Exchange Servers
CHINACHOPPER HAFNIUM
2021-03-01 | YouTube (John Hammond) | John Hammond
@online{hammond:20210301:mozi:5b3568d,
  author       = {John Hammond},
  title        = {{Mozi Malware - Finding Breadcrumbs...}},
  date         = {2021-03-01},
  organization = {YouTube (John Hammond)},
  url          = {https://www.youtube.com/watch?v=cDFO_MRlg3M},
  language     = {English},
  urldate      = {2022-02-19},
}
Mozi Malware - Finding Breadcrumbs...
Mozi
2021-02-24 | McAfee | Alexandre Mundo, Thibault Seret, Thomas Roccia, John Fokker
@techreport{mundo:20210224:technical:4d09445,
  author      = {Alexandre Mundo and Thibault Seret and Thomas Roccia and John Fokker},
  title       = {{Technical Analysis of Babuk Ransomware}},
  date        = {2021-02-24},
  institution = {McAfee},
  url         = {https://www.mcafee.com/enterprise/en-us/assets/reports/rp-babuk-ransomware.pdf},
  language    = {English},
  urldate     = {2021-02-25},
}
Technical Analysis of Babuk Ransomware
Babuk
2021-01-28 | Huntress Labs | John Hammond
@techreport{hammond:20210128:analyzing:2f8dae2,
  author      = {John Hammond},
  title       = {{Analyzing Ryuk Another Link in the Cyber Attack Chain}},
  date        = {2021-01-28},
  institution = {Huntress Labs},
  url         = {https://storage.pardot.com/652283/16118467480sqebwq7/MSP_Security_Summit___John_Hammond_Huntress___Analyzing_Ryuk.pdf},
  language    = {English},
  urldate     = {2021-01-29},
}
Analyzing Ryuk Another Link in the Cyber Attack Chain
BazarBackdoor Ryuk
2021-01-12 | BrightTALK (FireEye) | Ben Read, John Hultquist
@online{read:20210112:unc2452:6e54c6c,
  author       = {Ben Read and John Hultquist},
  title        = {{UNC2452: What We Know So Far}},
  date         = {2021-01-12},
  organization = {BrightTALK (FireEye)},
  url          = {https://www.brighttalk.com/webcast/7451/462719},
  language     = {English},
  urldate      = {2021-01-18},
}
UNC2452: What We Know So Far
Cobalt Strike SUNBURST TEARDROP
2021-01-08 | splunk | Marcus LaFerrera, John Stoner, Lily Lee, James Brodsky, Ryan Kovar
@online{laferrera:20210108:golden:d31442a,
  author       = {Marcus LaFerrera and John Stoner and Lily Lee and James Brodsky and Ryan Kovar},
  title        = {{A Golden SAML Journey: SolarWinds Continued}},
  date         = {2021-01-08},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/a-golden-saml-journey-solarwinds-continued.html},
  language     = {English},
  urldate      = {2021-01-11},
}
A Golden SAML Journey: SolarWinds Continued
SUNBURST