Threat Intelligence Guides
Practical Examples of URL Hunting Queries - Part 1
Practical examples of URL hunting queries.
CyberChef Tutorials
Applying Flow Control and Mathematical operators to deobfuscate a .vbs loader for Nanocore malware.
How To Use CyberChef
Decoding a Cobalt Strike script with CyberChef and VsCode.
Threat Intelligence Guides
Tracking APT SideWinder Domains With Regular Expressions, Whois Records and Domain Registrars
Threat Intelligence Guides
Tracking Malware Infrastructure Through Subdomain Analysis
Threat Intelligence Guides
Identifying malicious infrastructure through hardcoded TLS Certificates and Subdomains.
Threat Intelligence Guides
Finding phishing domains using passive DNS tooling and 302 redirects.
Threat Intelligence Guides
Leveraging Passive DNS to identify APT infrastructure. Building on public intelligence reports.
Threat Intelligence Guides
Malware Infrastructure Tracking Using Passive DNS Intelligence.
Malware Analysis Guides
Identifying and Removing Obfuscation in a Self-Referencing Latrodectus Loader
Learn Malware Analysis and Threat Intelligence.
Advanced CyberChef techniques using Registers, Regex and Flow Control
Identifying malware infrastructure with the FOFA scanner.
Manual analysis of Cobalt Strike Shellcode with Ghidra. Identifying function calls and resolving API hashing.
Manual identification, decryption and fixing of encrypted strings using Ghidra and x32dbg.
Catching 83 Qakbot Servers using Regular Expressions.
Creating Regex Signatures on TLS Certificates with Censys.
Leveraging Ghidra to establish context and intent behind imported functions.
Refining Queries and Identifying Suspicious servers using Censys.
Leveraging Ghidra to establish context and intent behind suspicious strings.
Manually Reversing a decryption function using Ghidra, ChatGPT and CyberChef.
More interesting and practical queries for identifying malware infrastructure.
Identifying Malware infrastructure by combining weak pivot points.