Content Paint
Search
Sign in

Embee Research

Malware Analysis and Threat Intelligence Research

Threat Intelligence  | Apr 11, 2024
Tracking Malicious Infrastructure With DNS Records - Vultur Banking Trojan
/
Tracking Malicious Infrastructure With DNS Records - Vultur Banking Trojan
Threat Intelligence  | Apr 04, 2024
Identifying MatanBuchus Domains Through Hardcoded Certificate Values
/
Identifying MatanBuchus Domains Through Hardcoded Certificate Values
Threat Intelligence  | Apr 01, 2024
Passive DNS For Phishing Link Analysis - Identifying 36 Latrodectus Domains With Historical Records and 302 Redirects
/
Passive DNS For Phishing Link Analysis - Identifying 36 Latrodectus Domains With Historical Records and 302 Redirects
Threat Intelligence  | Mar 30, 2024
Passive DNS Pivoting - Uncovering APT Infrastructure Through Historical Records and Subdomain Analysis
/
Passive DNS Pivoting - Uncovering APT Infrastructure Through Historical Records and Subdomain Analysis
Threat Intelligence  | Mar 27, 2024
Introduction To Discovering Malicious Infrastructure Through Passive DNS Pivoting
/
Introduction To Discovering Malicious Infrastructure Through Passive DNS Pivoting
CyberChef  | Mar 25, 2024
Latrodectus Deobfuscation - Removal of Junk Comments and Self-Referencing Code
/
Latrodectus Deobfuscation - Removal of Junk Comments and Self-Referencing Code

Read Our Latest Posts

Latest Posts

42 Posts
Reverse Engineering  | Dec 05, 2023
Ghidra Basics - Identifying, Decoding and Fixing Encrypted Strings
Ghidra Basics - Identifying, Decoding and Fixing Encrypted Strings

Manual identification, decryption and fixing of encrypted strings using Ghidra and x32dbg.

Threat Intelligence  | Nov 30, 2023
Advanced Threat Intel Queries - Catching 83 Qakbot Servers with Regex, Censys and TLS Certificates
Advanced Threat Intel Queries - Catching 83 Qakbot Servers with Regex, Censys and TLS Certificates

Catching 83 Qakbot Servers using Regular Expressions.

Threat Intelligence  | Nov 27, 2023
Building Advanced Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian)
Building Advanced Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian)

Creating Regex Signatures on TLS Certificates with Censys.

Reverse Engineering  | Nov 26, 2023
Ghidra Basics - Pivoting From Imported Funtions
Ghidra Basics - Pivoting From Imported Funtions

Leveraging Ghidra to establish context and intent behind imported functions.

Threat Intelligence  | Nov 26, 2023
Identifying Suspected PrivateLoader Servers with Censys
Identifying Suspected PrivateLoader Servers with Censys

Refining Queries and Identifying Suspicious servers using Censys.

Reverse Engineering  | Nov 24, 2023
Ghidra Basics - Pivoting from String Cross References
Ghidra Basics - Pivoting from String Cross References

Leveraging Ghidra to establish context and intent behind suspicious strings.

Reverse Engineering  | Nov 24, 2023
Ghidra Basics - Manual Shellcode Decryption
Ghidra Basics - Manual Shellcode Decryption

Manually Reversing a decryption function using Ghidra, ChatGPT and CyberChef.

Threat Intelligence  | Nov 22, 2023
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)

More interesting and practical queries for identifying malware infrastructure.

Threat Intelligence  | Nov 19, 2023
Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike
Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike

Identifying Malware infrastructure by combining weak pivot points.

Browse by Tags

10 Tags
Censys
CyberChef
CyberChef
Debugger Tutorials
Detection Engineering
Detection Engineering
DNS
Dnspy
Dnspy
Ghidra
Ghidra
Reverse Engineering
Threat Intelligence
Validin
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Great! You've successfully signed up.
Great! You've successfully signed up.
Welcome back! You've successfully signed in.
Success! You now have access to additional content.