Click here to download all references as Bib-File.
| 2023-03-09 ⋅ Github (cocomelonc) ⋅ Malware AV/VM evasion - part 12: encrypt/decrypt payload via Madryga. Simple C++ example. |
| 2023-02-20 ⋅ cocomelonc ⋅ Malware AV/VM evasion - part 12: encrypt payload via TEA. Simple C++ example. |
| 2023-02-12 ⋅ cocomelonc ⋅ Malware AV/VM evasion - part 11: encrypt payload via DES. Simple C++ example. |
| 2023-02-10 ⋅ cocomelonc ⋅ Malware analysis: part 8. Yara rule example for MurmurHash2. MurmurHash2 in Conti ransomware Conti |
| 2023-02-02 ⋅ cocomelonc ⋅ Malware analysis: part 7. Yara rule example for CRC32. CRC32 in REvil ransomware REvil |
| 2023-01-20 ⋅ cocomelonc ⋅ Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example. |
| 2023-01-04 ⋅ Malware development tricks: part 26. Mutex. C++ example. AsyncRAT Conti HelloKitty |
| 2022-12-21 ⋅ cocomelonc ⋅ Malware development tricks: part 25. EnumerateLoadedModules. Simple C++ example. |
| 2022-12-09 ⋅ cocomelonc ⋅ Malware development: persistence - part 20. UserInitMprLogonScript (Logon Script). Simple C++ example. Attor Zebrocy |
| 2022-11-27 ⋅ cocomelonc ⋅ Malware development tricks: part 24. ListPlanting. Simple C++ example. InvisiMole |
| 2022-11-16 ⋅ cocomelonc ⋅ Malware development: persistence - part 19. Disk Cleanup Utility. Simple C++ example. |
| 2022-11-05 ⋅ cocomelonc ⋅ Malware analysis: part 6. Shannon entropy. Simple python script. |
| 2022-10-28 ⋅ cocomelonc ⋅ APT techniques: Token theft via UpdateProcThreadAttribute. Simple C++ example. |
| 2022-09-30 ⋅ cocomelonc ⋅ Malware development: persistence - part 12. Accessibility Features. Simple C++ example. |
| 2022-09-25 ⋅ cocomelonc ⋅ APT techniques: Access Token manipulation. Token theft. Simple C++ example. |
| 2022-09-20 ⋅ Malware development: persistence - part 11. Powershell profile. Simple C++ example. Turla RAT TurlaRPC |
| 2022-09-10 ⋅ Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example. SUNBURST |
| 2022-09-06 ⋅ cocomelonc ⋅ Malware development tricks: parent PID spoofing. Simple C++ example. Cobalt Strike Konni |
| 2022-08-26 ⋅ Malware development: persistence - part 9. Default file extension hijacking. Simple C++ example. Kimsuky |
| 2022-07-30 ⋅ Malware AV evasion - part 8. Encode payload via Z85 Agent Tesla Carbanak Carberp Cardinal RAT Cobalt Strike donut_injector |