CyberChef Tutorials
Advanced CyberChef Techniques - Defeating Nanocore Obfuscation With Math and Flow Control
Applying Flow Control and Mathematical operators to deobfuscate a .vbs loader for Nanocore malware.
How To Use CyberChef
Decoding a Cobalt Strike script with CyberChef and VS Code.
Threat Intelligence Guides
Tracking APT SideWinder Domains With Regular Expressions, Whois Records and Domain Registrars
Tracking Malware Infrastructure Through Subdomain Analysis
Identifying malicious infrastructure through hardcoded TLS Certificates and Subdomains.
Finding phishing domains with passive DNS tooling and 302 redirects.
Leveraging Passive DNS to identify APT infrastructure. Building on public intelligence reports.
Malware Infrastructure Tracking Using Passive DNS Intelligence.
Malware Analysis Guides
Identifying and Removing Obfuscation in a Self-Referencing Latrodectus Loader
Advanced CyberChef techniques using Registers, Regex and Flow Control
Learn Malware Analysis and Threat Intelligence.
Identifying malware infrastructure with the FOFA scanner.
Manual analysis of Cobalt Strike Shellcode with Ghidra. Identifying function calls and resolving API hashing.
Manual identification, decryption and fixing of encrypted strings using Ghidra and x32dbg.
Catching 83 Qakbot Servers using Regular Expressions.
Creating Regex Signatures on TLS Certificates with Censys.
Leveraging Ghidra to establish context and intent behind imported functions.
Refining Queries and Identifying Suspicious servers using Censys.
Leveraging Ghidra to establish context and intent behind suspicious strings.
Manually Reversing a decryption function using Ghidra, ChatGPT and CyberChef.
More interesting and practical queries for identifying malware infrastructure.
Identifying Malware infrastructure by combining weak pivot points.
Extracting C2 configuration using the Garbageman .NET analysis tool