2022-04-12 ⋅ Max Kersten's Blog ⋅ Ghidra script to handle stack strings [CaddyWiper, PlugX]
2022-02-01 ⋅ Max Kersten's Blog ⋅ Dumping WhisperGate’s wiper from an Eazfuscator obfuscated loader [WhisperGate]
2021-07-25 ⋅ Max Kersten's Blog ⋅ Ghidra script to decrypt a string array in XOR DDoS [XOR DDoS]
2021-02-09 ⋅ Max Kersten's Blog ⋅ Ghidra script to decrypt strings in Amadey 1.09 [Amadey]
2020-09-17 ⋅ Max Kersten's Blog ⋅ Automatic ReZer0 payload and configuration extraction
2020-08-26 ⋅ Max Kersten's Blog ⋅ ReZer0v4 loader [MASS Logger]
2020-03-26 ⋅ Max Kersten's Blog ⋅ Azorult loader stages [Azorult]
2020-02-24 ⋅ Max Kersten's Blog ⋅ Closing in on MageCart 12 [magecart]
2020-02-17 ⋅ Max Kersten's Blog ⋅ Following the tracks of MageCart 12 [magecart]
2020-01-20 ⋅ Max Kersten's Blog ⋅ Ticket resellers infected with a credit card skimmer [magecart]
2019-10-14 ⋅ Max Kersten's Blog ⋅ Corona DDoS bot [Bashlite]
2019-02-16 ⋅ Max Kersten's Blog ⋅ Emotet droppers [Emotet]