Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-11-01nccgroupMick Koomen
Popping Blisters for research: An overview of past payloads and exploring recent developments
Blister Cobalt Strike
2022-09-02nccgroupAlberto Segura, Mike Stokkel
Sharkbot is back in Google Play
SharkBot
2022-09-02nccgroupAlberto Segura, Mike Stokkel
Sharkbot is back in Google Play
SharkBot
2022-08-19nccgroupRoss Inman
Back in Black: Unlocking a LockBit 3.0 Ransomware Attack
FAKEUPDATES Cobalt Strike LockBit
2022-08-04nccgroupMichael Mathews, RIFT: Research and Intelligence Fusion Team
Top of the Pops: Three common ransomware entry techniques
2022-08-04nccgroupMichael Mathews, RIFT: Research and Intelligence Fusion Team
Top of the Pops: Three common ransomware entry techniques
2022-05-20nccgroupPeter Gurney
Metastealer – filling the Racoon void
MetaStealer
2022-04-28nccgroupDavid Brown, Michael Matthews, Rob Smallridge
LAPSUS$: Recent techniques, tactics and procedures
2022-04-28nccgroupDavid Brown, Michael Matthews, Rob Smallridge
LAPSUS$: Recent techniques, tactics and procedures
2022-04-28nccgroupDavid Brown, Michael Matthews, Rob Smallridge
LAPSUS$: Recent techniques, tactics and procedures
2022-03-31nccgroupAlex Jessop, Nikolaos Pantazopoulos, RIFT: Research and Intelligence Fusion Team, Simon Biggs
Conti-nuation: methods and techniques observed in operations post the leaks
Cobalt Strike Conti QakBot
2022-03-31nccgroupAlex Jessop, Nikolaos Pantazopoulos, RIFT: Research and Intelligence Fusion Team, Simon Biggs
Conti-nuation: methods and techniques observed in operations post the leaks
Cobalt Strike Conti QakBot
2022-03-31nccgroupAlex Jessop, Nikolaos Pantazopoulos, RIFT: Research and Intelligence Fusion Team, Simon Biggs
Conti-nuation: methods and techniques observed in operations post the leaks
Cobalt Strike Conti QakBot
2022-03-31nccgroupAlex Jessop, Nikolaos Pantazopoulos, RIFT: Research and Intelligence Fusion Team, Simon Biggs
Conti-nuation: methods and techniques observed in operations post the leaks
Cobalt Strike Conti QakBot
2022-03-25nccgroupYun Zheng Hu
Mining data from Cobalt Strike beacons
Cobalt Strike
2021-11-08nccgroupFox IT
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
TiltedTemple
2021-10-11NCC GroupNCCGroup
SnapMC skips ransomware, steals data
2021-06-14nccgroupFox-IT Data Science Team, NCCGroup
Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes
2021-06-14nccgroupFox-IT Data Science Team, NCCGroup
Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes
2021-01-31Twitter (@NCCGroupInfosec)NCCGroup
Tweet on ITW exploitation of 0-day in SonicWall SMA 100 series
2021-01-15nccgroupDavid Cash
Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures
2018-11-22nccgroupMatt Lewis
Turla PNG Dropper is back
Uroburos Turla
2018-11-22nccgroupBen Humphrey
Turla PNG Dropper is back
Uroburos Turla
2018-03-16Github (nccgroup)NCC Group PLC
Royal APT - APT15 Repository
BS2005 MS Exchange Tool RoyalCli Royal DNS APT15
2017-04-03Github (nccgroup)David Cannings
Technical Notes on RedLeaves
RedLeaves
2016-07-14Github (nccgroup)NCC Group PLC
Technical Notes on Sakula
Sakula RAT