
2021-09-02 | Twitter (@th3_protoCOL) | Colin, GaborSzappanos
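@online{colin:20210902:confluence:5bbf2cb,
  author       = {Colin and {GaborSzappanos}},
  title        = {Tweet on {Confluence} Server exploitation ({CVE-2021-26084}) in the wild and {Cobalt Strike} activity (mentioned in replies by {GaborSzappanos})},
  date         = {2021-09-02},
  organization = {Twitter (@th3\_protoCOL)},
  url          = {https://twitter.com/th3_protoCOL/status/1433414685299142660?s=20},
  language     = {English},
  urldate      = {2021-09-06},
}
Tweet on Confluence Server exploitation (CVE-2021-26084) in the wild and Cobalt Strike activity (mentioned in replies by GaborSzappanos)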
Cobalt Strike
2020-12-31 | Youtube (Colin Hardy) | Colin Hardy
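@online{hardy:20201231:supernova:f852a43,
  author       = {Hardy, Colin},
  title        = {{SUPERNOVA} - Everything you need to know to Reverse Engineer an {APT} {WebShell}},
  date         = {2020-12-31},
  organization = {Youtube (Colin Hardy)},
  url          = {https://www.youtube.com/watch?v=7WX5fCEzTlA},
  language     = {English},
  urldate      = {2021-01-04},
}
SUPERNOVA - Everything you need to know to Reverse Engineer an APT WebShell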
SUPERNOVA
2020-12-22 | Youtube (Colin Hardy) | Colin Hardy
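@online{hardy:20201222:sunburst:78b5056,
  author       = {Hardy, Colin},
  title        = {{SUNBURST} {SolarWinds} {RECON} - Malware Reverse Engineering, {OSINT} and Identifying Victims},
  date         = {2020-12-22},
  organization = {Youtube (Colin Hardy)},
  url          = {https://www.youtube.com/watch?v=mbGN1xqy1jY},
  language     = {English},
  urldate      = {2020-12-23},
}
SUNBURST SolarWinds RECON - Malware Reverse Engineering, OSINT and Identifying Victims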
SUNBURST
2020-12-17 | Youtube (Colin Hardy) | Colin Hardy
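@online{hardy:20201217:sunburst:059bdbe,
  author       = {Hardy, Colin},
  title        = {{SUNBURST} {SolarWinds} Malware - Tools, Tactics and Methods to get you started with Reverse Engineering},
  date         = {2020-12-17},
  organization = {Youtube (Colin Hardy)},
  url          = {https://www.youtube.com/watch?v=JoMwrkijTZ8},
  language     = {English},
  urldate      = {2020-12-18},
}
SUNBURST SolarWinds Malware - Tools, Tactics and Methods to get you started with Reverse Engineering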
SUNBURST
2020-12-16 | Twitter (@cybercdh) | Colin Hardy
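@online{hardy:20201216:3:c3e0e68,
  author       = {Hardy, Colin},
  title        = {Tweet on 3 key actions {SUNBURST} performs as soon as it's invoked},
  date         = {2020-12-16},
  organization = {Twitter (@cybercdh)},
  url          = {https://twitter.com/cybercdh/status/1339241246024404994},
  language     = {English},
  urldate      = {2020-12-18},
}
Tweet on 3 key actions SUNBURST performs as soon as it's invoked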
SUNBURST
2020-12-15 | Twitter (@cybercdh) | Colin Hardy
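@online{hardy:20201215:some:5b19d5f,
  author       = {Hardy, Colin},
  title        = {Tweet on some more capabilities of {SUNBURST} backdoor},
  date         = {2020-12-15},
  organization = {Twitter (@cybercdh)},
  url          = {https://twitter.com/cybercdh/status/1338975171093336067},
  language     = {English},
  urldate      = {2020-12-18},
}
Tweet on some more capabilities of SUNBURST backdoor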
SUNBURST
2020-12-15 | Twitter (@cybercdh) | Colin Hardy
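@online{hardy:20201215:cyberchef:9f25c79,
  author       = {Hardy, Colin},
  title        = {Tweet on {CyberChef} recipe to extract and decode strings from \#{SolarWinds} malware binaries.},
  date         = {2020-12-15},
  organization = {Twitter (@cybercdh)},
  url          = {https://twitter.com/cybercdh/status/1338885244246765569},
  language     = {English},
  urldate      = {2020-12-17},
}
Tweet on CyberChef recipe to extract and decode strings from #SolarWinds malware binaries.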
SUNBURST
2020-09-30 | Team Cymru | James Shank, Jacomo Piccolini
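@techreport{shank:20200930:pandamic:f210107,
  author      = {Shank, James and Piccolini, Jacomo},
  title       = {Pandamic: {Emissary Pandas} in the {Middle East}},
  date        = {2020-09-30},
  institution = {Team Cymru},
  url         = {https://vblocalhost.com/uploads/VB2020-Shank-Piccolini.pdf},
  language    = {English},
  urldate     = {2021-04-16},
}
Pandamic: Emissary Pandas in the Middle East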
HyperBro HyperSSL
2019-04-30 | Cisco Talos | Pierre Cadieux, Colin Grady, Jaeson Schultz, Matt Valites
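@online{cadieux:20190430:sodinokibi:d04e315,
  author       = {Cadieux, Pierre and Grady, Colin and Schultz, Jaeson and Valites, Matt},
  title        = {{Sodinokibi} ransomware exploits {WebLogic} Server vulnerability},
  date         = {2019-04-30},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html},
  language     = {English},
  urldate      = {2019-12-17},
}
Sodinokibi ransomware exploits WebLogic Server vulnerability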
REvil
2017-10-11 | Cisco Talos | Edmund Brumaghin, Colin Grady, Dave Maynor, @Simpo13
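@online{brumaghin:20171011:spoofed:9f0fc69,
  author       = {Brumaghin, Edmund and Grady, Colin and Maynor, Dave and {@Simpo13}},
  title        = {Spoofed {SEC} Emails Distribute Evolved {DNSMessenger}},
  date         = {2017-10-11},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2017/10/dnsmessenger-sec-campaign.html},
  language     = {English},
  urldate      = {2020-01-09},
}
Spoofed SEC Emails Distribute Evolved DNSMessenger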
DNSMessenger
2017-05-02 | Cisco | Edmund Brumaghin, Colin Grady
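@online{brumaghin:20170502:covert:32e078f,
  author       = {Brumaghin, Edmund and Grady, Colin},
  title        = {Covert Channels and Poor Decisions: The Tale of {DNSMessenger}},
  date         = {2017-05-02},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2017/03/dnsmessenger.html},
  language     = {English},
  urldate      = {2019-11-26},
}
Covert Channels and Poor Decisions: The Tale of DNSMessenger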
DNSMessenger
2017-04-27 | ColinGuru | Colin Hardy
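@online{hardy:20170427:advanced:d1d61c4,
  author       = {Hardy, Colin},
  title        = {Advanced {Banload} Analysis},
  date         = {2017-04-27},
  organization = {ColinGuru},
  url          = {https://colin.guru/index.php?title=Advanced_Banload_Analysis},
  language     = {English},
  urldate      = {2019-12-10},
}
Advanced Banload Analysis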
Banload