Threat Intelligence Guides

Threat Intelligence Guides

Practical Examples of URL Hunting Queries - Part 1

Practical examples of URL hunting queries.

Threat Intelligence Guides

Tracking APT SideWinder Domains By Combining Regex Patterns, Whois Records and Domain Registrars

Tracking APT SideWinder Domains With Regular Expressions, Whois Records and Domain Registrars

Threat Intelligence Guides

How To Track Malicious Infrastructure With DNS Records - Vultur Banking Trojan

Tracking Malware Infrastructure Through Subdomain Analysis

Threat Intelligence Guides

How To Track Malware Infrastructure - Identifying MatanBuchus Domains Through Hardcoded Certificate Values

Identifying malicious infrastructure through hardcoded TLS Certificates and Subdomains.

Threat Intelligence Guides

Tracking Malware Infrastructure With Passive DNS and 302 Redirects

Finding phishing domains passive DNS tooling and 302 redirects.

Threat Intelligence Guides

Tracking Gamaredon Infrastructure With Passive DNS Records and Subdomain Analysis

Leveraging Passive DNS to identify APT infrastructure. Building on public intelligence reports.

Threat Intelligence Guides

Introduction To Malware Infrastructure Analysis With Passive DNS

Malware Infrastructure Tracking Using Passive DNS Intelligence.

Threat Intelligence Guides

Practical Queries for Identifying Malware Infrastructure With FOFA

Identifying malware infrastructure with the FOFA scanner.

Threat Intelligence Guides

Identifying Qakbot Servers with Regex and TLS Certificates

Catching 83 Qakbot Servers using Regular Expressions.

Threat Intelligence Guides

How To Build Advanced Threat Intelligence Queries Utilising Regex and TLS Certificates - (BianLian)

Creating Regex Signatures on TLS Certificates with Censys.

Threat Intelligence Guides

Identifying PrivateLoader Servers with Infrastructure Queries

Refining Queries and Identifying Suspicious servers using Censys.

Threat Intelligence Guides

Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)

More interesting and practical queries for identifying malware infrastructure.