Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-11-17nvisoDidier Stevens
@online{stevens:20211117:cobalt:0b6ecf5, author = {Didier Stevens}, title = {{Cobalt Strike: Decrypting Obfuscated Traffic – Part 4}}, date = {2021-11-17}, organization = {nviso}, url = {https://blog.nviso.eu/2021/11/17/cobalt-strike-decrypting-obfuscated-traffic-part-4/}, language = {English}, urldate = {2021-11-18} } Cobalt Strike: Decrypting Obfuscated Traffic – Part 4
Cobalt Strike
2021-11-03nvisoDidier Stevens
@online{stevens:20211103:cobalt:8f8223d, author = {Didier Stevens}, title = {{Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3}}, date = {2021-11-03}, organization = {nviso}, url = {https://blog.nviso.eu/2021/11/03/cobalt-strike-using-process-memory-to-decrypt-traffic-part-3/}, language = {English}, urldate = {2021-11-08} } Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3
Cobalt Strike
2021-11-03Didier StevensDidier Stevens
@online{stevens:20211103:new:6f8b92c, author = {Didier Stevens}, title = {{New Tool: cs-extract-key.py}}, date = {2021-11-03}, organization = {Didier Stevens}, url = {https://blog.didierstevens.com/2021/11/03/new-tool-cs-extract-key-py/}, language = {English}, urldate = {2021-11-17} } New Tool: cs-extract-key.py
Cobalt Strike
2021-10-27nvisoDidier Stevens
@online{stevens:20211027:cobalt:b91181a, author = {Didier Stevens}, title = {{Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2}}, date = {2021-10-27}, organization = {nviso}, url = {https://blog.nviso.eu/2021/10/27/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-2/}, language = {English}, urldate = {2021-11-03} } Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2
Cobalt Strike
2021-10-21nvisoDidier Stevens
@online{stevens:20211021:cobalt:bfc8702, author = {Didier Stevens}, title = {{Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1}}, date = {2021-10-21}, organization = {nviso}, url = {https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/}, language = {English}, urldate = {2021-10-26} } Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1
Cobalt Strike
2021-04-18YouTube (dist67)Didier Stevens
@online{stevens:20210418:decoding:18e5319, author = {Didier Stevens}, title = {{Decoding Cobalt Strike Traffic}}, date = {2021-04-18}, organization = {YouTube (dist67)}, url = {https://www.youtube.com/watch?v=ysN-MqyIN7M}, language = {English}, urldate = {2021-04-20} } Decoding Cobalt Strike Traffic
Cobalt Strike
2021-03-21YouTube (dist67)Didier Stevens
@online{stevens:20210321:finding:92a9a4d, author = {Didier Stevens}, title = {{Finding Metasploit & Cobalt Strike URLs}}, date = {2021-03-21}, organization = {YouTube (dist67)}, url = {https://www.youtube.com/watch?v=WW0_TgWT2gs}, language = {English}, urldate = {2021-03-25} } Finding Metasploit & Cobalt Strike URLs
Cobalt Strike
2021-03-07InfoSec Handlers Diary BlogDidier Stevens
@online{stevens:20210307:pcaps:980212d, author = {Didier Stevens}, title = {{PCAPs and Beacons}}, date = {2021-03-07}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/27176}, language = {English}, urldate = {2021-03-11} } PCAPs and Beacons
Cobalt Strike
2020-12-15InfoSec Handlers Diary BlogDidier Stevens
@online{stevens:20201215:analyzing:1aa1e8b, author = {Didier Stevens}, title = {{Analyzing FireEye Maldocs}}, date = {2020-12-15}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/26882}, language = {English}, urldate = {2020-12-15} } Analyzing FireEye Maldocs
2020-10-26SANS ISC InfoSec ForumsDidier Stevens
@online{stevens:20201026:excel:0cad0df, author = {Didier Stevens}, title = {{Excel 4 Macros: "Abnormal Sheet Visibility"}}, date = {2020-10-26}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/diary/rss/26726}, language = {English}, urldate = {2020-11-02} } Excel 4 Macros: "Abnormal Sheet Visibility"
2020-09-01nvisoDidier Stevens, Maxime Thiebaut, Dries Boone, Bart Parys, Michel Coene
@online{stevens:20200901:epic:038897f, author = {Didier Stevens and Maxime Thiebaut and Dries Boone and Bart Parys and Michel Coene}, title = {{Epic Manchego – atypical maldoc delivery brings flurry of infostealers}}, date = {2020-09-01}, organization = {nviso}, url = {https://blog.nviso.eu/2020/09/01/epic-manchego-atypical-maldoc-delivery-brings-flurry-of-infostealers/}, language = {English}, urldate = {2020-09-01} } Epic Manchego – atypical maldoc delivery brings flurry of infostealers
Azorult NjRAT
2020-03-23SANS ISCDidier Stevens
@online{stevens:20200323:kpot:9f080e7, author = {Didier Stevens}, title = {{KPOT Deployed via AutoIt Script}}, date = {2020-03-23}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/25934}, language = {English}, urldate = {2020-03-26} } KPOT Deployed via AutoIt Script
KPOT Stealer
2019-08-26InfoSec Handlers Diary BlogDidier Stevens
@online{stevens:20190826:daa:afd346d, author = {Didier Stevens}, title = {{The DAA File Format}}, date = {2019-08-26}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/The+DAA+File+Format/25246}, language = {English}, urldate = {2021-07-26} } The DAA File Format