2023-11-01 ⋅ nccgroup ⋅ Popping Blisters for research: An overview of past payloads and exploring recent developments Blister Cobalt Strike |
2022-09-02 ⋅ nccgroup ⋅ Sharkbot is back in Google Play SharkBot |
2022-08-19 ⋅ nccgroup ⋅ Back in Black: Unlocking a LockBit 3.0 Ransomware Attack FAKEUPDATES Cobalt Strike LockBit |
2022-08-04 ⋅ nccgroup ⋅ Top of the Pops: Three common ransomware entry techniques |
2022-05-20 ⋅ nccgroup ⋅ Metastealer – filling the Racoon void MetaStealer |
2022-04-28 ⋅ nccgroup ⋅ LAPSUS$: Recent techniques, tactics and procedures |
2022-03-31 ⋅ nccgroup ⋅ Conti-nuation: methods and techniques observed in operations post the leaks Cobalt Strike Conti QakBot |
2022-03-25 ⋅ nccgroup ⋅ Mining data from Cobalt Strike beacons Cobalt Strike |
2021-11-08 ⋅ nccgroup ⋅ TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access |
2021-10-11 ⋅ NCC Group ⋅ SnapMC skips ransomware, steals data |
2021-06-14 ⋅ nccgroup ⋅ Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes |
2021-01-31 ⋅ Twitter (@NCCGroupInfosec) ⋅ Tweet on ITW exploitation of 0-day in SonicWall SMA 100 series |
2021-01-15 ⋅ nccgroup ⋅ Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures |
2018-11-22 ⋅ nccgroup ⋅ Turla PNG Dropper is back Uroburos Turla |
2018-03-16 ⋅ Github (nccgroup) ⋅ Royal APT - APT15 Repository BS2005 MS Exchange Tool RoyalCli Royal DNS APT15 |
2017-04-03 ⋅ Github (nccgroup) ⋅ Technical Notes on RedLeaves RedLeaves |
2016-07-14 ⋅ Github (nccgroup) ⋅ Technical Notes on Sakula Sakula RAT |