2024-07-01 | Speakerdeck (takahiro_haruyama) | Takahiro Haruyama
The Art of Malware C2 Scanning - How to Reverse and Emulate Protocol Obfuscated by Compiler
DOPLUGS Hodur
2023-01-14 | YouTube (CODE BLUE) | Takahiro Haruyama
[CB22]Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulation and Scanning
ShadowPad Winnti
2022-11-21 | vmware | Takahiro Haruyama, Threat Analysis Unit
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part4 (Dacls, aka MATA)
Dacls
2022-10-27 | vmware | Takahiro Haruyama
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part3 (ShadowPad)
ShadowPad
2022-10-25 | VMware Threat Analysis Unit | Takahiro Haruyama
Tracking the entire iceberg: long-term APT malware C2 protocol emulation and scanning
ShadowPad Winnti
2022-09-26 | Youtube (Virus Bulletin) | Takahiro Haruyama
Tracking the entire iceberg long term APT malware C2 protocol emulation and scanning
ShadowPad Winnti
2022-09-19 | Virus Bulletin | Takahiro Haruyama
Tracking the entire iceberg - long-term APT malware C2 protocol emulation and scanning
ShadowPad Winnti
2021-11-16 | vmware | Takahiro Haruyama
Monitoring Winnti 4.0 C2 Servers for Two Years
Winnti
2021-06-25 | Gdata | Florian Roth, Johann Aydinbas, Karsten Hahn, Takahiro Haruyama
Microsoft signed a malicious Netfilter rootkit
NetfilterRootkit
2021-06-15 | vmware | Takahiro Haruyama
Detecting UEFI Bootkits in the Wild (Part 1)
LoJax MosaicRegressor TrickBot
2021-02-24 | VMWare Carbon Black | Takahiro Haruyama
Knock, knock, Neo. - Active C2 Discovery Using Protocol Emulation
Cobalt Strike
2020-09-22 | vmware | Omar Elgebaly, Takahiro Haruyama
Detecting Threats in Real-time With Active C2 Information
Agent.BTZ Cobalt Strike Dacls NetWire RC PoshC2 Winnti
2020-02-20 | Carbon Black | Takahiro Haruyama
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0)
Winnti
2019-11-20 | vmware | Takahiro Haruyama
Active C2 Discovery Using Protocol Emulation Part1 (HYDSEVEN NetWire)
NetWire RC
2019-10-24 | Carbon Black | Takahiro Haruyama
Defeating APT10 Compiler-level Obfuscations
Anel
2019-09-04 | CarbonBlack | Takahiro Haruyama
CB TAU Threat Intelligence Notification: Winnti Malware 4.0
Winnti