
2022-06-13 | SANS ISC | Renato Marinho
@online{marinho:20220613:translating:633e46a,
  author       = {Marinho, Renato},
  title        = {{Translating Saitama's DNS tunneling messages}},
  organization = {SANS ISC},
  date         = {2022-06-13},
  url          = {https://isc.sans.edu/diary/Translating+Saitama%27s+DNS+tunneling+messages/28738},
  urldate      = {2022-06-16},
  language     = {English},
}
Translating Saitama's DNS tunneling messages
Saitama Backdoor
2021-12-28 | Morphus Labs | Renato Marinho
@online{marinho:20211228:attackers:48320eb,
  author       = {Marinho, Renato},
  title        = {{Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons}},
  organization = {Morphus Labs},
  date         = {2021-12-28},
  url          = {https://morphuslabs.com/attackers-are-abusing-msbuild-to-evade-defenses-and-implant-cobalt-strike-beacons-edac4ab84f42},
  urldate      = {2021-12-31},
  language     = {English},
}
Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons
Cobalt Strike
2020-11-03 | InfoSec Handlers Diary Blog | Renato Marinho
@online{marinho:20201103:attackers:9b3762b,
  author       = {Marinho, Renato},
  title        = {{Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike}},
  organization = {InfoSec Handlers Diary Blog},
  date         = {2020-11-03},
  url          = {https://isc.sans.edu/diary/26752},
  urldate      = {2020-11-06},
  language     = {English},
}
Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike
Cobalt Strike
2020-05-31 | InfoSec Handlers Diary Blog | Renato Marinho
@comment{NOTE(review): the date 2020-05-31 looks inconsistent with the rest of this record. The URL points to diary 27482, while the lower-numbered diary 26752 in this same listing is dated 2020-11-03, and urldate here is 2021-06-09. The year may be a typo for 2021. Confirm against the source before using this date in a campaign timeline. Values below are left as published.}
@online{marinho:20200531:guildma:0cad27c,
  author       = {Marinho, Renato},
  title        = {{Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses}},
  organization = {InfoSec Handlers Diary Blog},
  date         = {2020-05-31},
  url          = {https://isc.sans.edu/diary/27482},
  urldate      = {2021-06-09},
  language     = {English},
}
Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses
Astaroth
2017-12-06 | Botconf | Renato Marinho, Raimir Holanda
@online{marinho:20171206:exploring:f4a89fa,
  author       = {Marinho, Renato and Holanda, Raimir},
  title        = {{Exploring a P2P Transient Botnet - From Discovery to Enumeration}},
  organization = {Botconf},
  date         = {2017-12-06},
  url          = {https://journal.cecyf.fr/ojs/index.php/cybin/article/view/16/22},
  urldate      = {2020-01-09},
  language     = {English},
}
Exploring a P2P Transient Botnet - From Discovery to Enumeration
Rakos
2017-09-26 | ISC | Renato Marinho
@online{marinho:20170926:xpctra:f648aa4,
  author       = {Marinho, Renato},
  title        = {{XPCTRA Malware Steals Banking and Digital Wallet User's Credentials}},
  organization = {ISC},
  date         = {2017-09-26},
  url          = {https://isc.sans.edu/forums/diary/XPCTRA+Malware+Steals+Banking+and+Digital+Wallet+Users+Credentials/22868/},
  urldate      = {2019-11-26},
  language     = {English},
}
XPCTRA Malware Steals Banking and Digital Wallet User's Credentials
XPCTRA
2017-08-29 | InfoSec Handlers Diary Blog | Renato Marinho
@online{marinho:20170829:second:582ba7f,
  author       = {Marinho, Renato},
  title        = {{Second Google Chrome Extension Banker Malware in Two Weeks}},
  organization = {InfoSec Handlers Diary Blog},
  date         = {2017-08-29},
  url          = {https://isc.sans.edu/diary/22766},
  urldate      = {2020-01-08},
  language     = {English},
}
Second Google Chrome Extension Banker Malware in Two Weeks
IDKEY