Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-06-14nccgroupNCCGroup, Fox-IT Data Science Team
@online{nccgroup:20210614:incremental:da01496, author = {NCCGroup and Fox-IT Data Science Team}, title = {{Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes}}, date = {2021-06-14}, organization = {nccgroup}, url = {https://research.nccgroup.com/2021/06/14/incremental-machine-leaning-by-example-detecting-suspicious-activity-with-zeek-data-streams-river-and-ja3-hashes/}, language = {English}, urldate = {2021-06-21} } Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes
2021-01-31Twitter (@NCCGroupInfosec)NCCGroup
@online{nccgroup:20210131:itw:c033bfc, author = {NCCGroup}, title = {{Tweet on ITW exploitation of 0-day in SonicWall SMA 100 series}}, date = {2021-01-31}, organization = {Twitter (@NCCGroupInfosec)}, url = {https://twitter.com/NCCGroupInfosec/status/1355850304596680705}, language = {English}, urldate = {2021-02-02} } Tweet on ITW exploitation of 0-day in SonicWall SMA 100 series
2021-01-15nccgroupDavid Cash
@online{cash:20210115:sign:c50ae62, author = {David Cash}, title = {{Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures}}, date = {2021-01-15}, organization = {nccgroup}, url = {https://research.nccgroup.com/2021/01/15/sign-over-your-hashes-stealing-netntlm-hashes-via-outlook-signatures/}, language = {English}, urldate = {2021-01-21} } Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures
2018-11-22nccgroupBen Humphrey
@online{humphrey:20181122:turla:de7f30a, author = {Ben Humphrey}, title = {{Turla PNG Dropper is back}}, date = {2018-11-22}, organization = {nccgroup}, url = {https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/}, language = {English}, urldate = {2019-11-21} } Turla PNG Dropper is back
Uroburos Turla Group
2018-03-16Github (nccgroup)NCC Group PLC
@online{plc:20180316:royal:7ff57f8, author = {NCC Group PLC}, title = {{Royal APT - APT15 Repository}}, date = {2018-03-16}, organization = {Github (nccgroup)}, url = {https://github.com/nccgroup/Royal_APT}, language = {English}, urldate = {2020-01-09} } Royal APT - APT15 Repository
BS2005 MS Exchange Tool RoyalCli Royal DNS Mirage
2017-04-03Github (nccgroup)David Cannings
@online{cannings:20170403:technical:e27583c, author = {David Cannings}, title = {{Technical Notes on RedLeaves}}, date = {2017-04-03}, organization = {Github (nccgroup)}, url = {https://github.com/nccgroup/Cyber-Defence/tree/master/Technical%20Notes/Red%20Leaves}, language = {English}, urldate = {2020-01-06} } Technical Notes on RedLeaves
RedLeaves
2016-07-14Github (nccgroup)NCC Group PLC
@online{plc:20160714:technical:a0afcbd, author = {NCC Group PLC}, title = {{Technical Notes on Sakula}}, date = {2016-07-14}, organization = {Github (nccgroup)}, url = {https://github.com/nccgroup/Cyber-Defence/tree/master/Technical%20Notes/Sakula}, language = {English}, urldate = {2020-01-08} } Technical Notes on Sakula
Sakula RAT