| Date | Author | Title |
|---|---|---|
| 2025-07-30 | Johannes Ullrich | Securing Firebase: Lessons Re-Learned from the Tea Breach |
| 2025-05-06 | Xavier Mertens | Python InfoStealer with Embedded Phishing Webserver |
| 2025-04-15 | Xavier Mertens | Online Services Again Abused to Exfiltrate Data |
| 2025-01-29 | Xavier Mertens | From PowerShell to a Python Obfuscation Race! |
| 2025-01-28 | Xavier Mertens | Fileless Python InfoStealer Targeting Exodus |
| 2024-12-18 | Jesse La Grew | [Guest Diary] A Deep Dive into TeamTNT and Spinning YARN |
| 2024-11-30 | Xavier Mertens | From a Regular Infostealer to its Obfuscated Version |
| 2024-11-22 | Xavier Mertens | An Infostealer Searching for « BIP-0039 » Data |
| 2024-11-07 | Xavier Mertens | Steam Account Checker Poisoned with Infostealer |
| 2024-10-09 | Xavier Mertens | From Perfctl to InfoStealer |
| 2024-09-18 | Xavier Mertens | Python Infostealer Patching Windows Exodus App |
| 2024-08-27 | Xavier Mertens | Why Is Python so Popular to Infect Windows Hosts? |
| 2024-07-26 | Xavier Mertens | ExelaStealer Delivered "From Russia With Love" |
| 2024-05-31 | Xavier Mertens | "K1w1" InfoStealer Uses gofile.io for Exfiltration |
| 2024-02-20 | Xavier Mertens | Python InfoStealer With Dynamic Sandbox Detection |
| 2024-01-25 | Xavier Mertens | Facebook AdsManager Targeted by a Python Infostealer |
| 2023-12-22 | Xavier Mertens | Shall We Play a Game? |
| 2023-09-29 | Xavier Mertens | Are You Still Storing Passwords In Plain Text Files? |
| 2023-07-01 | Russ McRee | Sandfly Security |
| 2023-05-09 | Russ McRee | Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2 |
| 2023-05-04 | Xavier Mertens | Infostealer Embedded in a Word Document |
| 2023-03-01 | Xavier Mertens | Python Infostealer Targeting Gamers |
| 2022-12-18 | Guy Bruneau | Infostealer Malware with Double Extension |
| 2022-09-23 | Xavier Mertens | Kids Like Cookies, Malware Too! |
| 2022-09-19 | Russ McRee | Chainsaw: Hunt, search, and extract event log records |
| 2022-08-11 | Xavier Mertens | InfoStealer Script Based on Curl and NSudo |
| 2022-06-10 | Russ McRee | EPSScall: An Exploit Prediction Scoring System App |
| 2022-04-06 | Brad Duncan | Windows MetaStealer Malware |
| 2022-03-23 | Brad Duncan | Arkei Variants: From Vidar to Mars Stealer |
| 2022-03-09 | Xavier Mertens | Infostealer in a Batch File |
| 2021-12-28 | Russ McRee | LotL Classifier tests for shells, exfil, and miners |
| 2021-12-21 | Xavier Mertens | More Undetected PowerShell Dropper |
| 2021-12-01 | Xavier Mertens | Info-Stealer Using webhook.site to Exfiltrate Data |
| 2021-07-09 | Brad Duncan | Hancitor tries XLL as initial malware file |
| 2021-06-30 | Brad Duncan | June 2021 Forensic Contest: Answers and Analysis |
| 2021-04-06 | Jan Kopriva | Malspam with Lokibot vs. Outlook and RFCs |
| 2021-03-31 | Xavier Mertens | Quick Analysis of a Modular InfoStealer |
| 2021-03-06 | Xavier Mertens | Spotting the Red Team on VirusTotal! |
| 2021-03-02 | Russ McRee | Adversary Simulation with Sim |
| 2021-01-19 | Russ McRee | Gordon for fast cyber reputation checks |
| 2020-10-23 | Russ McRee | Sooty: SOC Analyst's All-in-One Tool |
| 2020-08-12 | Russ McRee | To the Brim at the Gates of Mordor Pt. 1 |
| 2020-06-30 | Russ McRee | ISC Snapshot: SpectX IP Hitcount Query |
| 2020-04-21 | Russ McRee | SpectX: Log Parser for DFIR |
| 2020-02-27 | Xavier Mertens | Offensive Tools Are For Blue Teams Too |
| 2020-01-21 | Russ McRee | DeepBlueCLI: Powershell Threat Hunting |
| 2019-11-29 | Russ McRee | ISC Snapshot: Search with SauronEye |
| 2019-11-27 | Brad Duncan | Finding an Agent Tesla malware sample |
| 2019-11-08 | Xavier Mertens | Microsoft Apps Diverted from Their Main Use |
| 2019-10-09 | Brad Duncan | What data does Vidar malware steal from an infected host? |
| 2019-10-06 | Russ McRee | visNetwork for Network Data |
| 2019-08-21 | Russ McRee | KAPE: Kroll Artifact Parser and Extractor |
| 2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM |
| 2019-04-05 | Russ McRee | Beagle: Graph transforms for DFIR data & logs |
| 2019-02-05 | Rob VandenBrink | Mitigations against Mimikatz Style Attacks |
| 2019-01-24 | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data |
| 2018-10-17 | Russ McRee | RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence |
| 2018-06-16 | Russ McRee | Anomaly Detection & Threat Hunting with Anomalize |
| 2017-03-08 | Xavier Mertens | Not All Malware Samples Are Complex |
| 2012-04-23 | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation |
| 2011-03-25 | Kevin Liston | APT Tabletop Exercise |
| 2010-01-22 | Mari Nichols | Pass-down for a Successful Incident Response |
| 2010-01-14 | Bojan Zdrnja | DRG (Dragon Research Group) Distro available for general release |
| 2009-03-22 | Mari Nichols | Dealing with Security Challenges |