
2023-04-28 | Twitter (@MichalKoczwara) | Michael Koczwara
% Tweet dated 2023-04-28; the URL was last accessed on 2023-05-25 (urldate).
@online{koczwara:20230428:hunting:8290d1c,
  author       = {Koczwara, Michael},
  title        = {{Tweet on hunting BRC4 infrastructure}},
  organization = {Twitter (@MichalKoczwara)},
  date         = {2023-04-28},
  url          = {https://twitter.com/MichalKoczwara/status/1652067563545800705},
  urldate      = {2023-05-25},
  language     = {English},
}
Tweet on hunting BRC4 infrastructure
Brute Ratel C4
2022-09-01 | Medium michaelkoczwara | Michael Koczwara
% Blog post dated 2022-09-01 on hunting C2 infrastructure with Shodan and Censys;
% the URL was last accessed on 2023-01-19 (urldate).
@online{koczwara:20220901:hunting:45c54de,
  author       = {Koczwara, Michael},
  title        = {{Hunting C2/Adversaries Infrastructure with Shodan and Censys}},
  organization = {Medium michaelkoczwara},
  date         = {2022-09-01},
  url          = {https://michaelkoczwara.medium.com/hunting-c2-with-shodan-223ca250d06f},
  urldate      = {2023-01-19},
  language     = {English},
}
Hunting C2/Adversaries Infrastructure with Shodan and Censys
Brute Ratel C4 Cobalt Strike Deimos GRUNT IcedID Merlin Meterpreter Nighthawk PoshC2 Sliver
2022-03-31 | Medium michaelkoczwara | Michael Koczwara
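% Blog post dated 2022-03-31 on LAPSUS$ TTPs; the URL was last accessed on 2022-04-04 (urldate).
% The dollar sign in the title field is escaped as \$ so LaTeX does not open math mode
% when the bibliography is typeset. The typographic apostrophe is kept as UTF-8, which
% needs a UTF-8 capable backend (this is an online-type entry, i.e. biblatex).
@online{koczwara:20220331:lapsus:5e2e01b,
  author       = {Koczwara, Michael},
  title        = {{LAPSUS\$ TTP’s}},
  organization = {Medium michaelkoczwara},
  date         = {2022-03-31},
  url          = {https://michaelkoczwara.medium.com/lapsus-ttps-431d1ca21e80},
  urldate      = {2022-04-04},
  language     = {English},
}
LAPSUS$ TTP’s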
2021-09-12 | Medium michaelkoczwara | Michael Koczwara
% Blog post dated 2021-09-12; per its title it maps Cobalt Strike C2 infrastructure
% attributed to CVE-2021-40444. The URL was last accessed on 2022-01-28 (urldate).
@online{koczwara:20210912:mapping:8a5f43a,
  author       = {Koczwara, Michael},
  title        = {{Mapping and Pivoting from Cobalt Strike C2 Infrastructure Attributed to CVE-2021-40444}},
  organization = {Medium michaelkoczwara},
  date         = {2021-09-12},
  url          = {https://michaelkoczwara.medium.com/mapping-and-pivoting-cobalt-strike-c2-infrastructure-attributed-to-cve-2021-40444-438786fcd68a},
  urldate      = {2022-01-28},
  language     = {English},
}
Mapping and Pivoting from Cobalt Strike C2 Infrastructure Attributed to CVE-2021-40444
Cobalt Strike
2021-09-07 | Medium michaelkoczwara | Michael Koczwara
% Blog post dated 2021-09-07 on hunting Cobalt Strike C2 servers with Shodan;
% the URL was last accessed on 2021-09-09 (urldate).
@online{koczwara:20210907:cobalt:7af112e,
  author       = {Koczwara, Michael},
  title        = {{Cobalt Strike C2 Hunting with Shodan}},
  organization = {Medium michaelkoczwara},
  date         = {2021-09-07},
  url          = {https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2},
  urldate      = {2021-09-09},
  language     = {English},
}
Cobalt Strike C2 Hunting with Shodan
Cobalt Strike
2021-09-02 | Medium michaelkoczwara | Michael Koczwara
% Blog post dated 2021-09-02 analysing a Cobalt Strike PowerShell payload;
% the URL was last accessed on 2021-09-09 (urldate).
@online{koczwara:20210902:cobalt:40a1888,
  author       = {Koczwara, Michael},
  title        = {{Cobalt Strike PowerShell Payload Analysis}},
  organization = {Medium michaelkoczwara},
  date         = {2021-09-02},
  url          = {https://michaelkoczwara.medium.com/cobalt-strike-powershell-payload-analysis-eecf74b3c2f7},
  urldate      = {2021-09-09},
  language     = {English},
}
Cobalt Strike PowerShell Payload Analysis
Cobalt Strike
2021-08-17 | Medium michaelkoczwara | Michael Koczwara
% Blog post dated 2021-08-17 on Cobalt Strike hunting (DLL hijacking / attack analysis);
% the URL was last accessed on 2021-09-09 (urldate).
@online{koczwara:20210817:cobalt:64689eb,
  author       = {Koczwara, Michael},
  title        = {{Cobalt Strike Hunting — DLL Hijacking/Attack Analysis}},
  organization = {Medium michaelkoczwara},
  date         = {2021-08-17},
  url          = {https://michaelkoczwara.medium.com/cobalt-strike-hunting-dll-hijacking-attack-analysis-ffbf8fd66a4e},
  urldate      = {2021-09-09},
  language     = {English},
}
Cobalt Strike Hunting — DLL Hijacking/Attack Analysis
Cobalt Strike
2021-07-22 | Medium michaelkoczwara | Michael Koczwara
% Blog post dated 2021-07-22 on Cobalt Strike hunting via PCAP and Beacon analysis;
% the URL was last accessed on the publication date, 2021-07-22 (urldate).
@online{koczwara:20210722:cobalt:f102b02,
  author       = {Koczwara, Michael},
  title        = {{Cobalt Strike Hunting — simple PCAP and Beacon Analysis}},
  organization = {Medium michaelkoczwara},
  date         = {2021-07-22},
  url          = {https://michaelkoczwara.medium.com/cobalt-strike-hunting-simple-pcap-and-beacon-analysis-f51c36ce6811},
  urldate      = {2021-07-22},
  language     = {English},
}
Cobalt Strike Hunting — simple PCAP and Beacon Analysis
Cobalt Strike