Threat Intelligence Guides
Practical Queries for Identifying Malware Infrastructure - Part 2
Threat Intelligence Queries with Censys.
Latest
Malware Analysis Guides
Code Snippets For Dotnet Configuration Extractors
Useful code snippets for developing dotnet configuration extractors.
Detection Engineering
Malware Analysis and Deobfuscation With Procmon - Smokeloader Example
Decoding malware loaders using Procmon and Cyberchef. Utilising Powershell to retrieve additional payloads and free online tooling to identify the malware family.
Threat Intelligence Guides
Threat Intelligence Query Examples - Real World Queries for Identifying Malware Infrastructure
An informal page for storing Censys/Shodan queries
Threat Intelligence Guides
Shodan Query Guide - How To Track Amadey Bot Infrastructure With TLS Certificates and Russian Profanity
Identifying Amadey Bot Servers Using Shodan.
Threat Intelligence Guides
How To Track Malware Infrastructure - Identifying Laplas Infrastructure Using Hardcoded TLS Certificates
Identification of Laplas infrastructure with Shodan and Censys.
Threat Intelligence Guides
How To Track Quasar Rat C2 Infrastructure Using TLS Certificates
Extraction of Quasar C2 configuration via Dnspy, and using this information to pivot to additional servers utilising Shodan and Censys.
Malware Analysis Guides
AgentTesla Malware Analysis - How To Resolve API Hashes With Conditional Breakpoints
Analysis of a Multi-Stage Loader for AgentTesla. Covering Ghidra, Dnspy, X32dbg, API Hashing and more!
Malware Analysis Guides
Amadey Bot Malware Analysis - Static Analysis and C2 Extraction With Ghidra and x64Dbg
Using manual analysis to extract Amadey C2 information with Ghidra and x32dbg
Malware Analysis Guides
Dcrat Malware Analysis - How to Manually Decode a 3-Stage Malware Sample
Manual analysis and deobfuscation of a .NET based Dcrat. Touching on Custom Python Scripts, Cyberchef and .NET analysis with Dnspy.