Content Paint

Embee Research

Malware Analysis and Threat Intelligence Research

Threat Intelligence  | Apr 11, 2024
Tracking Malicious Infrastructure With DNS Records - Vultur Banking Trojan
Threat Intelligence  | Apr 04, 2024
Identifying MatanBuchus Domains Through Hardcoded Certificate Values
Threat Intelligence  | Apr 01, 2024
Passive DNS For Phishing Link Analysis - Identifying 36 Latrodectus Domains With Historical Records and 302 Redirects
Threat Intelligence  | Mar 30, 2024
Passive DNS Pivoting -  Uncovering APT Infrastructure Through Historical Records and Subdomain Analysis
Threat Intelligence  | Mar 27, 2024
Introduction To Discovering Malicious Infrastructure Through Passive DNS Pivoting
CyberChef  | Mar 25, 2024
Latrodectus Deobfuscation - Removal of Junk Comments and Self-Referencing Code

Read Our Latest Posts

Latest Posts

42 Posts
Ghidra Basics - Identifying, Decoding and Fixing Encrypted Strings

Manual identification, decryption and fixing of encrypted strings using Ghidra and x32dbg.

Building Advanced Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian)

Creating Regex Signatures on TLS Certificates with Censys.

Ghidra Basics - Pivoting From Imported Funtions

Leveraging Ghidra to establish context and intent behind imported functions.

Identifying Suspected PrivateLoader Servers with Censys

Refining Queries and Identifying Suspicious servers using Censys.

Ghidra Basics - Pivoting from String Cross References

Leveraging Ghidra to establish context and intent behind suspicious strings.

Ghidra Basics - Manual Shellcode Decryption

Manually Reversing a decryption function using Ghidra, ChatGPT and CyberChef.

Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)

More interesting and practical queries for identifying malware infrastructure.

Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike

Identifying Malware infrastructure by combining weak pivot points.

Browse by Tags

10 Tags
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Great! You've successfully signed up.
Great! You've successfully signed up.
Welcome back! You've successfully signed in.
Success! You now have access to additional content.