Threat Intelligence Guides
Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike
Identifying Malware infrastructure by combining weak pivot points.
Threat Intelligence Guides
Threat Intelligence Guides
Identifying Simple Pivot Points in Malware Infrastructure - RisePro Stealer
Identifying Simple pivot points in RisePro Stealer Infrastructure using Censys.
Threat Intelligence Guides
Practical Queries for Identifying Malware Infrastructure - Part 2
Threat Intelligence Queries with Censys.
Threat Intelligence Guides
Threat Intelligence Query Examples - Real World Queries for Identifying Malware Infrastructure
An informal page for storing Censys/Shodan queries
Threat Intelligence Guides
Shodan Query Guide - How To Track Amadey Bot Infrastructure With TLS Certificates and Russian Profanity
Identifying Amadey Bot Servers Using Shodan.
Threat Intelligence Guides
How To Track Malware Infrastructure - Identifying Laplas Infrastructure Using Hardcoded TLS Certificates
Identification of Laplas infrastructure with Shodan and Censys.
Threat Intelligence Guides
How To Track Quasar Rat C2 Infrastructure Using TLS Certificates
Extraction of Quasar C2 configuration via Dnspy, and using this information to pivot to additional servers utilising Shodan and Censys.