
2022-11-16 | cocomelonc | cocomelonc
@online{cocomelonc:20221116:malware:69e2118,
  author       = {cocomelonc},
  title        = {{Malware development: persistence - part 19. Disk Cleanup Utility. Simple C++ example.}},
  date         = {2022-11-16},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/persistence/2022/11/16/malware-pers-19.html},
  urldate      = {2022-11-21},
  language     = {English}
}
Malware development: persistence - part 19. Disk Cleanup Utility. Simple C++ example.
2022-11-05 | cocomelonc | cocomelonc
@online{cocomelonc:20221105:malware:d52ac5b,
  author       = {cocomelonc},
  title        = {{Malware analysis: part 6. Shannon entropy. Simple python script.}},
  date         = {2022-11-05},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/malware/2022/11/05/malware-analysis-6.html},
  urldate      = {2022-11-11},
  language     = {English}
}
Malware analysis: part 6. Shannon entropy. Simple python script.
2022-10-28 | cocomelonc | cocomelonc
@online{cocomelonc:20221028:techniques:0ea2e5c,
  author       = {cocomelonc},
  title        = {{APT techniques: Token theft via UpdateProcThreadAttribute. Simple C++ example.}},
  date         = {2022-10-28},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/tutorial/2022/10/28/token-theft-2.html},
  urldate      = {2022-11-11},
  language     = {English}
}
APT techniques: Token theft via UpdateProcThreadAttribute. Simple C++ example.
2022-09-30 | cocomelonc | cocomelonc
@online{cocomelonc:20220930:malware:eb2f3c8,
  author       = {cocomelonc},
  title        = {{Malware development: persistence - part 12. Accessibility Features. Simple C++ example.}},
  date         = {2022-09-30},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/malware/2022/09/30/malware-pers-12.html},
  urldate      = {2022-10-14},
  language     = {English}
}
Malware development: persistence - part 12. Accessibility Features. Simple C++ example.
2022-09-25 | cocomelonc | cocomelonc
@online{cocomelonc:20220925:techniques:3e88b21,
  author       = {cocomelonc},
  title        = {{APT techniques: Access Token manipulation. Token theft. Simple C++ example.}},
  date         = {2022-09-25},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/tutorial/2022/09/25/token-theft-1.html},
  urldate      = {2022-11-10},
  language     = {English}
}
APT techniques: Access Token manipulation. Token theft. Simple C++ example.
2022-09-20 | cocomelonc
@online{cocomelonc:20220920:malware:c0e9c97,
  author   = {cocomelonc},
  title    = {{Malware development: persistence - part 11. Powershell profile. Simple C++ example.}},
  date     = {2022-09-20},
  url      = {https://cocomelonc.github.io/malware/2022/09/20/malware-pers-11.html},
  urldate  = {2022-10-19},
  language = {English}
}
Malware development: persistence - part 11. Powershell profile. Simple C++ example.
Turla RAT TurlaRPC
2022-09-10 | cocomelonc
@online{cocomelonc:20220910:malware:edaf050,
  author   = {cocomelonc},
  title    = {{Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example.}},
  date     = {2022-09-10},
  url      = {https://cocomelonc.github.io/malware/2022/09/10/malware-pers-10.html},
  urldate  = {2022-10-19},
  language = {English}
}
Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example.
SUNBURST
2022-09-06 | cocomelonc | cocomelonc
@online{cocomelonc:20220906:malware:a09756f,
  author       = {cocomelonc},
  title        = {{Malware development tricks: parent PID spoofing. Simple C++ example.}},
  date         = {2022-09-06},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/malware/2022/09/06/malware-tricks-23.html},
  urldate      = {2022-11-17},
  language     = {English}
}
Malware development tricks: parent PID spoofing. Simple C++ example.
Cobalt Strike Konni
2022-07-21 | cocomelonc
@online{cocomelonc:20220721:malware:b5c2a4d,
  author   = {cocomelonc},
  title    = {{Malware development tricks. Run shellcode like a Lazarus Group. C++ example.}},
  date     = {2022-07-21},
  url      = {https://cocomelonc.github.io/malware/2022/07/21/malware-tricks-22.html},
  urldate  = {2022-10-17},
  language = {English}
}
Malware development tricks. Run shellcode like a Lazarus Group. C++ example.
2022-04-11 | cocomelonc
@online{cocomelonc:20220411:conti:a30496a,
  author   = {cocomelonc},
  title    = {{Conti ransomware source code investigation - part 2}},
  date     = {2022-04-11},
  url      = {https://cocomelonc.github.io/investigation/2022/04/11/malw-inv-conti-2.html},
  urldate  = {2022-09-27},
  language = {English}
}
Conti ransomware source code investigation - part 2
Conti
2022-04-02 | Github (cocomelonc) | cocomelonc
@online{cocomelonc:20220402:malware:48c405d,
  author       = {cocomelonc},
  title        = {{Malware development tricks. Find kernel32.dll base: asm style. C++ example.}},
  date         = {2022-04-02},
  organization = {Github (cocomelonc)},
  url          = {https://cocomelonc.github.io/tutorial/2022/04/02/malware-injection-18.html},
  urldate      = {2022-04-07},
  language     = {English}
}
Malware development tricks. Find kernel32.dll base: asm style. C++ example.
Conti
2022-03-27 | cocomelonc
@online{cocomelonc:20220327:conti:07dddfb,
  author   = {cocomelonc},
  title    = {{Conti ransomware source code investigation - part 1}},
  date     = {2022-03-27},
  url      = {https://cocomelonc.github.io/investigation/2022/03/27/malw-inv-conti-1.html},
  urldate  = {2022-09-27},
  language = {English}
}
Conti ransomware source code investigation - part 1
Conti