Malware Analysis and Threat Intelligence Research

Advanced Cyberchef Techniques - Defeating Nanocore Obfuscation With Math and Flow Control

CyberChef Tutorials

Advanced Cyberchef Techniques - Defeating Nanocore Obfuscation With Math and Flow Control

Applying Flow Control and Mathematical operators to deobfuscate a .vbs loader for Nanocore malware.

Decoding a Cobalt Strike Downloader Script With CyberChef

How To Use CyberChef

Decoding a Cobalt Strike Downloader Script With CyberChef

Decoding a Cobalt Strike script with CyberChef and VsCode.

Tracking APT SideWinder Domains By Combining Regex Patterns, Whois Records and Domain Registrars

Threat Intelligence Guides

Tracking APT SideWinder Domains By Combining Regex Patterns, Whois Records and Domain Registrars

Tracking APT SideWinder Domains With Regular Expressions, Whois Records and Domain Registrars

How To Track Malicious Infrastructure With DNS Records - Vultur Banking Trojan

Threat Intelligence Guides

How To Track Malicious Infrastructure With DNS Records - Vultur Banking Trojan

Tracking Malware Infrastructure Through Subdomain Analysis

How To Track Malware Infrastructure - Identifying MatanBuchus Domains Through Hardcoded Certificate Values

Threat Intelligence Guides

How To Track Malware Infrastructure - Identifying MatanBuchus Domains Through Hardcoded Certificate Values

Identifying malicious infrastructure through hardcoded TLS Certificates and Subdomains.

Tracking Malware Infrastructure With Passive DNS and 302 Redirects

Threat Intelligence Guides

Tracking Malware Infrastructure With Passive DNS and 302 Redirects

Finding phishing domains passive DNS tooling and 302 redirects.

Tracking Gamaredon Infrastructure With Passive DNS Records and Subdomain Analysis

Threat Intelligence Guides

Tracking Gamaredon Infrastructure With Passive DNS Records and Subdomain Analysis

Leveraging Passive DNS to identify APT infrastructure. Building on public intelligence reports.

Introduction To Malware Infrastructure Analysis With Passive DNS

Threat Intelligence Guides

Introduction To Malware Infrastructure Analysis With Passive DNS

Malware Infrastructure Tracking Using Passive DNS Intelligence.

Latrodectus Malware Analysis - Decoding Obfuscated Malware By Removing Junk Comments

Malware Analysis Guides

Latrodectus Malware Analysis - Decoding Obfuscated Malware By Removing Junk Comments

Identifying and Removing Obfuscation in a Self-Referencing Latrodectus Loader

Advanced CyberChef Techniques For Malware Analysis - Detailed Walkthrough and Examples

Malware Analysis Guides

Advanced CyberChef Techniques For Malware Analysis - Detailed Walkthrough and Examples

Advanced CyberChef techniques using Registers, Regex and Flow Control

Embee Research

Learn Malware Analysis and Threat Intelligence.

Latest

Practical Queries for Identifying Malware Infrastructure With FOFA

Practical Queries for Identifying Malware Infrastructure With FOFA

Identifying malware infrastructure with the FOFA scanner.

How to Use Ghidra to Analyse Shellcode and Extract Cobalt Strike Command & Control Servers

How to Use Ghidra to Analyse Shellcode and Extract Cobalt Strike Command & Control Servers

Manual analysis of Cobalt Strike Shellcode with Ghidra. Identifying function calls and resolving API hashing.

How To Use Ghidra For Malware Analysis - Identifying, Decoding and Fixing Encrypted Strings

How To Use Ghidra For Malware Analysis - Identifying, Decoding and Fixing Encrypted Strings

Manual identification, decryption and fixing of encrypted strings using Ghidra and x32dbg.

Identifying Qakbot Servers with Regex and TLS Certificates

Identifying Qakbot Servers with Regex and TLS Certificates

Catching 83 Qakbot Servers using Regular Expressions.

How To Build Advanced Threat Intelligence Queries Utilising Regex and TLS Certificates - (BianLian)

How To Build Advanced Threat Intelligence Queries Utilising Regex and TLS Certificates - (BianLian)

Creating Regex Signatures on TLS Certificates with Censys.

How To Use Ghidra For Malware Analysis - Establishing Context on Imported Functions

How To Use Ghidra For Malware Analysis - Establishing Context on Imported Functions

Leveraging Ghidra to establish context and intent behind imported functions.

Identifying PrivateLoader Servers with Infrastructure Queries

Identifying PrivateLoader Servers with Infrastructure Queries

Refining Queries and Identifying Suspicious servers using Censys.

Ghidra For Malware Analysis - Pivoting from String Cross References

Ghidra For Malware Analysis - Pivoting from String Cross References

Leveraging Ghidra to establish context and intent behind suspicious strings.

Beginner Ghidra Guide - Manual Shellcode Decryption

Beginner Ghidra Guide - Manual Shellcode Decryption

Manually Reversing a decryption function using Ghidra, ChatGPT and CyberChef.

Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)

Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)

More interesting and practical queries for identifying malware infrastructure.

Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike

Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike

Identifying Malware infrastructure by combining weak pivot points.

How To Use Garbageman To Extract C2's From Dotnet Malware

How To Use Garbageman To Extract C2's From Dotnet Malware

Extracting C2 configuration using the Garbageman .NET analysis tool

See all