Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-05-01Marco Ramilli's BlogMarco Ramilli
Muddywater: Binder Project
2021-04-23xorl %eax, %eaxAnastasios Pingios
Analysis of the CardingMafia March 2021 data breach
2021-04-22splunkDave Herrald, Drew Church, James Brodsky, John Stoner, Katie Brown, Marcus LaFerrera, Michael Natkin, Mick Baccio, Ryan Kovar
SUPERNOVA Redux, with a Generous Portion of Masquerading
2021-04-21splunkBill Wright, Dave Herrald, James Brodsky, John Stoner, Kelly Huang, Marcus LaFerrerra, Michael Natkin, Mick Baccio, Ryan Kovar, Shannon Davis, Tamara Chacon
Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)
2021-04-19Sentinel LABSMarco Figueroa
A Deep Dive into Zebrocy’s Dropper Docs
2021-04-16Team CymruJoshua Picolet
Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021
Crimson RAT
2021-04-12Trend MicroDon Ovid Ladores, Frankylnn Uy, Junestherry Salvador, Lala Manly, Raphael Centeno
A Spike in BazarCall and IcedID Activity Detected in March
BazarBackdoor IcedID
March 2021 Coordinated Inauthentic Behavior Report
2021-03-15MicrosoftMicrosoft Security Response Center
One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021
2021-03-12splunkAmy Heng, Dave Herrald, Derek King, James Brodsky, John Stoner, Jose Hernandez, Marcus LaFerrera, Michael Haag, Mick Baccio, Ryan Kovar, Shannon Davis
Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…
2021-03-09MicrosoftMSRC Team
Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021
2021-03-02MicrosoftMSRC Team
Multiple Security Updates Released for Exchange Server – updated March 8, 2021
2021-02-02ESET ResearchIgnacio Sanmillan, Marc-Etienne M.Léveillé
Kobalos – A complex Linux threat to high performance computing infrastructure
2021-01-22Trimarc SecurityScott W Blake
LDAP Channel Binding and Signing
2021-01-19MalwarebytesMarcin Kleczynski
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
2021-01-09Marco Ramilli's BlogMarco Ramilli
Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot
2021-01-08splunkJames Brodsky, John Stoner, Lily Lee, Marcus LaFerrera, Ryan Kovar
A Golden SAML Journey: SolarWinds Continued
2021-01-06MimecastMatthew Gardiner
How to Slam a Door on the Cutwail Botnet: Enforce DMARC
2021-01-04SentinelOneMarco Figueroa
Building a Custom Malware Analysis Lab Environment
2021-01-01GoogleFabian Kaczmarczyck
Burning the Haystack: Malware Lead Generation at Scale