Click here to download all references as Bib-File.
| 2023-11-30 ⋅ Twitter (@embee_research) ⋅ Advanced Threat Intel Queries - Catching 83 Qakbot Servers with Regex, Censys and TLS Certificates QakBot |
| 2023-11-27 ⋅ Twitter (@embee_research) ⋅ Building Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian) BianLian |
| 2023-11-26 ⋅ Twitter (@embee_research) ⋅ Identifying Suspected PrivateLoader Servers with Censys PrivateLoader |
| 2023-11-22 ⋅ Twitter (@embee_research) ⋅ Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples) BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos |
| 2023-11-19 ⋅ Twitter (@embee_research) ⋅ Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike Amadey Cobalt Strike RedLine Stealer SmokeLoader |
| 2023-11-15 ⋅ Twitter (@embee_research) ⋅ Identifying Simple Pivot Points in Malware Infrastructure - RisePro Stealer RedLine Stealer RisePro |
| 2023-11-06 ⋅ Twitter (@embee_research) ⋅ Unpacking Malware With Hardware Breakpoints - Cobalt Strike Cobalt Strike |
| 2023-11-01 ⋅ Twitter (@embee_research) ⋅ Malware Unpacking With Memory Dumps - Intermediate Methods (Pe-Sieve, Process Hacker, Hxd and Pe-bear) AsyncRAT |
| 2023-10-30 ⋅ Twitter (@embee_research) ⋅ Unpacking .NET Malware With Process Hacker and Dnspy AsyncRAT |
| 2023-10-27 ⋅ Twitter (@embee_research) ⋅ Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell Remcos |
| 2023-10-23 ⋅ Twitter (@embee_research) ⋅ Cobalt Strike .VBS Loader - Decoding with Advanced CyberChef and Emulation Cobalt Strike |
| 2023-10-20 ⋅ Twitter (@embee_research) ⋅ Decoding a Cobalt Strike .hta Loader Using CyberChef and Emulation Cobalt Strike |
| 2023-10-18 ⋅ Twitter (@embee_research) ⋅ Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function Cobalt Strike |
| 2023-10-16 ⋅ Twitter (@embee_research) ⋅ Decoding a Simple Visual Basic (.vbs) Script - DarkGate Loader DarkGate |
| 2023-10-10 ⋅ Twitter (@embee_research) ⋅ How To Develop Yara Rules for .NET Malware Using IL ByteCodes RedLine Stealer |
| 2023-10-05 ⋅ Twitter (@embee_research) ⋅ Introduction to DotNet Configuration Extraction - RevengeRAT Revenge RAT |
| 2023-10-04 ⋅ Twitter (@embee_research) ⋅ Developing Yara Signatures for Malware - Practical Examples DarkGate Lu0Bot |
| 2023-08-23 ⋅ Twitter (@embee_research) ⋅ Extracting Xworm from Bloated Golang Executable XWorm |
| 2023-07-11 ⋅ Twitter (@embee_research) ⋅ Tweets on Ransomware Infrastructure Analysis With Censys and GrabbrApp DarkSide |
| 2023-06-24 ⋅ Twitter (@embee_research) ⋅ SmokeLoader - Malware Analysis and Decoding With Procmon SmokeLoader |