
2021-06-07 — Medium walmartglobaltech — Joshua Platt, Jason Reaves
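@online{platt:20210607:inside:6c363a7,
  author       = {Platt, Joshua and Reaves, Jason},
  title        = {Inside the {SystemBC} Malware-As-A-Service},
  date         = {2021-06-07},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/inside-the-systembc-malware-as-a-service-9aa03afd09c6},
  urldate      = {2021-06-08},
  language     = {English},
}
Inside the SystemBC Malware-As-A-Service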
Ryuk SystemBC TrickBot
2021-06-02 — Medium CyCraft — CyCraft Technology Corp
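@online{corp:20210602:chinalinked:487955f,
  author       = {{CyCraft Technology Corp}},
  title        = {{China}-Linked Threat Group Targets {Taiwan} Critical Infrastructure, Smokescreen Ransomware},
  date         = {2021-06-02},
  organization = {Medium CyCraft},
  url          = {https://medium.com/cycraft/china-linked-threat-group-targets-taiwan-critical-infrastructure-smokescreen-ransomware-c2a155aa53d5},
  urldate      = {2021-06-09},
  language     = {English},
}
China-Linked Threat Group Targets Taiwan Critical Infrastructure, Smokescreen Ransomware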
Cobalt Strike ColdLock
2021-06-01 — Medium mergene — Mehmet Ergene
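@online{ergene:20210601:detecting:5c4b6ff,
  author       = {Ergene, Mehmet},
  title        = {Detecting Initial Access: {HTML} Smuggling and {ISO} Images — Part 1},
  date         = {2021-06-01},
  organization = {Medium mergene},
  url          = {https://mergene.medium.com/detecting-initial-access-html-smuggling-and-iso-images-part-1-c4f953edd13f},
  urldate      = {2021-06-09},
  language     = {English},
}
Detecting Initial Access: HTML Smuggling and ISO Images — Part 1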
2021-06-01 — Medium mergene — Mehmet Ergene
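@online{ergene:20210601:detecting:d2d5dd8,
  author       = {Ergene, Mehmet},
  title        = {Detecting Initial Access: {HTML} Smuggling and {ISO} Images — Part 2},
  date         = {2021-06-01},
  organization = {Medium mergene},
  url          = {https://mergene.medium.com/detecting-initial-access-html-smuggling-and-iso-images-part-2-f8dd600430e2},
  urldate      = {2021-06-09},
  language     = {English},
}
Detecting Initial Access: HTML Smuggling and ISO Images — Part 2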
2021-05-19 — Medium Mehmet Ergene — Mehmet Ergene
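@online{ergene:20210519:enterprise:f7fb481,
  author       = {Ergene, Mehmet},
  title        = {Enterprise Scale Threat Hunting: Network Beacon Detection with Unsupervised {ML} and {KQL} — Part 2},
  date         = {2021-05-19},
  organization = {Medium Mehmet Ergene},
  url          = {https://mergene.medium.com/enterprise-scale-threat-hunting-network-beacon-detection-with-unsupervised-ml-and-kql-part-2-bff46cfc1e7e},
  urldate      = {2021-05-26},
  language     = {English},
}
Enterprise Scale Threat Hunting: Network Beacon Detection with Unsupervised ML and KQL — Part 2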
Cobalt Strike
2021-05-18 — Medium (Cryptax) — Axelle Apvrille
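@online{apvrille:20210518:native:350d98f,
  author       = {Apvrille, Axelle},
  title        = {A native packer for {Android/MoqHao}},
  date         = {2021-05-18},
  organization = {Medium (Cryptax)},
  url          = {https://cryptax.medium.com/a-native-packer-for-android-moqhao-6362a8412fe1},
  urldate      = {2021-05-19},
  language     = {English},
}
A native packer for Android/MoqHao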
MoqHao
2021-05-12 — Medium Mehmet Ergene — Mehmet Ergene
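@online{ergene:20210512:enterprise:09742df,
  author       = {Ergene, Mehmet},
  title        = {Enterprise Scale Threat Hunting: Network Beacon Detection with Unsupervised {ML} and {KQL} — Part 1},
  date         = {2021-05-12},
  organization = {Medium Mehmet Ergene},
  url          = {https://mergene.medium.com/enterprise-scale-threat-hunting-network-beacon-detection-with-unsupervised-machine-learning-and-277c4c30304f},
  urldate      = {2021-05-26},
  language     = {English},
}
Enterprise Scale Threat Hunting: Network Beacon Detection with Unsupervised ML and KQL — Part 1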
Cobalt Strike
2021-05-07 — Medium svch0st — svch0st
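@online{svch0st:20210507:stats:11919e5,
  author       = {{svch0st}},
  title        = {Stats from Hunting {Cobalt Strike} Beacons},
  date         = {2021-05-07},
  organization = {Medium svch0st},
  url          = {https://svch0st.medium.com/stats-from-hunting-cobalt-strike-beacons-c17e56255f9b},
  urldate      = {2021-05-08},
  language     = {English},
}
Stats from Hunting Cobalt Strike Beacons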
Cobalt Strike
2021-05-04 — Medium sergiusechel — Sergiu Sechel
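@online{sechel:20210504:improving:ce4da6d,
  author       = {Sechel, Sergiu},
  title        = {Improving the network-based detection of {Cobalt Strike} {C2} servers in the wild while reducing the risk of false positives},
  date         = {2021-05-04},
  organization = {Medium sergiusechel},
  url          = {https://sergiusechel.medium.com/improving-the-network-based-detection-of-cobalt-strike-c2-servers-in-the-wild-while-reducing-the-6964205f6468},
  urldate      = {2021-05-04},
  language     = {English},
}
Improving the network-based detection of Cobalt Strike C2 servers in the wild while reducing the risk of false positives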
Cobalt Strike
2021-05-03 — Medium walmartglobaltech — Joshua Platt, Jason Reaves
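@online{platt:20210503:buerloader:2aa3e3f,
  author       = {Platt, Joshua and Reaves, Jason},
  title        = {{BuerLoader} Updates},
  date         = {2021-05-03},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/buerloader-updates-3e34c1949b96},
  urldate      = {2021-05-04},
  language     = {English},
}
BuerLoader Updates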
Buer
2021-04-30 — Medium ateixei — Alex Teixeira
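@online{teixeira:20210430:detecting:70a1053,
  author       = {Teixeira, Alex},
  title        = {Detecting network beacons via {KQL} using simple spread stats functions},
  date         = {2021-04-30},
  organization = {Medium ateixei},
  url          = {https://ateixei.medium.com/detecting-network-beacons-via-kql-using-simple-spread-stats-functions-c2f031b0736b},
  urldate      = {2021-05-03},
  language     = {English},
}
Detecting network beacons via KQL using simple spread stats functions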
2021-04-27 — Medium Cedric Owens — Cedric Owens
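@online{owens:20210427:macos:489e558,
  author       = {Owens, Cedric},
  title        = {{macOS} {Gatekeeper} Bypass (2021 Edition)},
  date         = {2021-04-27},
  organization = {Medium Cedric Owens},
  url          = {https://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508},
  urldate      = {2021-04-29},
  language     = {English},
}
macOS Gatekeeper Bypass (2021 Edition)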
Shlayer
2021-04-26 — Medium testbnull — Min-Chang Jang
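@online{jang:20210426:microsoft:9ccf07e,
  author        = {Jang, Min-Chang},
  title         = {{Microsoft Exchange} From Deserialization to Post-Auth {RCE} ({CVE-2021–28482})},
  date          = {2021-04-26},
  organization  = {Medium testbnull},
  url           = {https://testbnull.medium.com/microsoft-exchange-from-deserialization-to-post-auth-rce-cve-2021-28482-e713001d915f},
  urldate       = {2021-06-07},
  language      = {Vietnamese},
  internal-note = {title kept as published: the CVE identifier contains an en dash (U+2013) rather than an ASCII hyphen, so a text search for the canonical CVE id will not match it},
}
Microsoft Exchange From Deserialization to Post-Auth RCE (CVE-2021–28482)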
2021-04-24 — Medium lordx64 — Taha Karim
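@online{karim:20210424:initial:b6d138f,
  author       = {Karim, Taha},
  title        = {Initial analysis of {PasswordState} supply chain attack backdoor code},
  date         = {2021-04-24},
  organization = {Medium lordx64},
  url          = {https://lordx64.medium.com/initial-analysis-of-passwordstate-supply-chain-attack-backdoor-code-aaff1df389e4},
  urldate      = {2021-04-29},
  language     = {English},
}
Initial analysis of PasswordState supply chain attack backdoor code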
2021-04-20 — Medium walmartglobaltech — Jason Reaves
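@online{reaves:20210420:cobaltstrike:d18d4c4,
  author       = {Reaves, Jason},
  title        = {{CobaltStrike} Stager Utilizing Floating Point Math},
  date         = {2021-04-20},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/cobaltstrike-stager-utilizing-floating-point-math-9bc13f9b9718},
  urldate      = {2021-04-20},
  language     = {English},
}
CobaltStrike Stager Utilizing Floating Point Math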
Cobalt Strike
2021-04-19 — Medium elis531989 — Eli Salem
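@online{salem:20210419:dancing:7fbe743,
  author       = {Salem, Eli},
  title        = {Dancing With Shellcodes: Cracking the latest version of {Guloader}},
  date         = {2021-04-19},
  organization = {Medium elis531989},
  url          = {https://elis531989.medium.com/dancing-with-shellcodes-cracking-the-latest-version-of-guloader-75083fb15cb4},
  urldate      = {2021-04-20},
  language     = {English},
}
Dancing With Shellcodes: Cracking the latest version of Guloader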
CloudEyE
2021-04-16 — Medium (Bank Security) — Bank_Security
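@online{banksecurity:20210416:are:88ed36e,
  author       = {{Bank\_Security}},
  title        = {Are the hackers all {Russian}? Results of a 1 year espionage operation in the Top-tier {Russian} underground communities},
  date         = {2021-04-16},
  organization = {Medium (Bank Security)},
  url          = {https://bank-security.medium.com/are-the-hackers-all-russian-363d09a6610},
  urldate      = {2021-04-19},
  language     = {English},
}
Are the hackers all Russian? Results of a 1 year espionage operation in the Top-tier Russian underground communities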
2021-04-09 — Medium walmartglobaltech — Jason Reaves
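@online{reaves:20210409:relook:ab87230,
  author       = {Reaves, Jason},
  title        = {A Relook at the {TerraLoader} Dropper {DLL}},
  date         = {2021-04-09},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/a-re-look-at-the-terraloader-dropper-dll-e5947ad6e244},
  urldate      = {2021-04-12},
  language     = {English},
}
A Relook at the TerraLoader Dropper DLL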
TerraLoader
2021-04-07 — Medium walmartglobaltech — Jason Reaves
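@online{reaves:20210407:not:c28aeef,
  author       = {Reaves, Jason},
  title        = {Not your same old adware anymore, {PBOT} updates},
  date         = {2021-04-07},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/not-your-same-old-adware-anymore-pbot-updates-6d43b159ab35},
  urldate      = {2021-04-09},
  language     = {English},
}
Not your same old adware anymore, PBOT updates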
2021-04-07 — Medium sixdub — Justin Warner
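@online{warner:20210407:using:a7d19fd,
  author       = {Warner, Justin},
  title        = {Using {Kaitai Struct} to Parse {Cobalt Strike} Beacon Configs},
  date         = {2021-04-07},
  organization = {Medium sixdub},
  url          = {https://sixdub.medium.com/using-kaitai-to-parse-cobalt-strike-beacon-configs-f5f0552d5a6e},
  urldate      = {2021-04-09},
  language     = {English},
}
Using Kaitai Struct to Parse Cobalt Strike Beacon Configs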
Cobalt Strike