| 2024-09-25 |
Red Teaming in the age of EDR: Evasion of Endpoint Detection Through Malware Virtualisation |
Blog ‧ Fox-SRT |
|
| 2024-04-25 |
Sifting through the spines: identifying (potential) Cactus ransomware victims |
Blog ‧ Fox-SRT |
|
| 2024-03-28 |
Android Malware Vultur Expands Its Wingspan |
Uncategorized ‧ Fox-SRT |
|
| 2023-08-15 |
Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign |
Uncategorized ‧ Fox-SRT |
|
| 2023-02-22 |
From Backup to Backdoor: Exploitation of CVE-2022-36537 in R1Soft Server Backup Manager |
Blog ‧ Global Threat Intelligence |
|
| 2023-02-15 |
Threat spotlight: Hydra |
Threat Intelligence ‧ Global Threat Intelligence |
|
| 2022-12-28 |
CVE-2022-27510, CVE-2022-27518 – Measuring Citrix ADC & Gateway version adoption on the Internet |
Blog ‧ Fox-SRT |
|
| 2022-12-12 |
One Year Since Log4Shell: Lessons Learned for the next ‘code red’ |
Uncategorized ‧ Fox-SRT |
|
| 2022-10-18 |
I’m in your hypervisor, collecting your evidence |
Uncategorized ‧ Fox IT |
|
| 2022-09-02 |
Sharkbot is back in Google Play |
Uncategorized ‧ Global Threat Intelligence |
|
| 2022-08-12 |
Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study |
Uncategorized ‧ Joost Jansen |
|
| 2022-06-30 |
Flubot: the evolution of a notorious Android Banking Malware |
Uncategorized ‧ Global Threat Intelligence |
|
| 2022-04-29 |
Adventures in the land of BumbleBee |
Uncategorized ‧ Global Threat Intelligence |
|
| 2022-03-04 |
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store |
Uncategorized ‧ Joost Jansen |
|
| 2021-12-14 |
log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228 |
Uncategorized ‧ Joost Jansen |
|
| 2021-12-13 |
Log4Shell: Reconnaissance and post exploitation network detection |
Uncategorized ‧ Joost Jansen |
|
| 2021-12-07 |
Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm |
Blog ‧ Joost Jansen |
|
| 2021-12-02 |
Tracking a P2P network related to TA505 |
Uncategorized ‧ Joost Jansen |
|
| 2021-11-09 |
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access |
Uncategorized ‧ Fox IT |
|
| 2021-10-12 |
Reverse engineering and decrypting CyberArk vault credential files |
Uncategorized ‧ Jelle Vergeer |
|
| 2021-10-12 |
SnapMC skips ransomware, steals data |
Blog ‧ mikestokkel |
|
| 2021-05-04 |
RM3 – Curiosities of the wildest banking malware |
Threat Intelligence ‧ riftsle |
|
| 2021-03-24 |
Abusing cloud services to fly under the radar |
Blog ‧ Wouter Jansen |
|
| 2021-03-24 |
TA505: A Brief History Of Their Time |
Uncategorized ‧ Antonis Terefos |
|
| 2021-03-24 |
Decrypting OpenSSH sessions for fun and profit |
Uncategorized ‧ Jelle Vergeer |
|
| 2021-03-24 |
StreamDivert: Relaying (specific) network connections |
audits ‧ Jelle Vergeer |
|
| 2021-03-24 |
Machine learning from idea to reality: a PowerShell case study |
Uncategorized ‧ Joost Jansen |
|
| 2021-03-24 |
A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC) |
Uncategorized ‧ Fox IT |
|
| 2021-03-24 |
WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group |
Blog ‧ nccsante |
|
| 2021-03-24 |
In-depth analysis of the new Team9 malware family |
Threat Intelligence ‧ krijndemik |
|
| 2020-03-19 |
LDAPFragger: Command and Control over LDAP attributes |
audits ‧ rindertkramer |
|
| 2020-01-15 |
Hunting for beacons |
Uncategorized ‧ Fox IT |
|
| 2019-10-16 |
Detecting random filenames using (un)supervised machine learning |
Uncategorized ‧ Fox IT |
|
| 2019-09-11 |
Office 365: prone to security breaches? |
Blog ‧ Fox IT |
|
| 2019-06-11 |
Using Anomaly Detection to find malicious domains |
Blog ‧ Fox IT |
|
| 2019-06-06 |
Syncing yourself to Global Administrator in Azure Active Directory |
Blog ‧ dirkjanm |
|
| 2019-06-04 |
Export corrupts Windows Event Log files |
Blog ‧ Fox IT |
|
| 2019-05-08 |
Getting in the Zone: dumping Active Directory DNS using adidnsdump |
Blog ‧ dirkjanm |
|
| 2019-05-08 |
mkYARA – Writing YARA rules for the lazy analyst |
Threat Intelligence ‧ Jelle Vergeer |
|
| 2019-05-08 |
PsiXBot: The Evolution Of A Modular .NET Bot |
Threat Intelligence ‧ maartenvandantzigfoxit |
|
| 2019-05-08 |
Identifying Cobalt Strike team servers in the wild |
Threat Intelligence ‧ maartenvandantzigfoxit |
|
| 2019-05-08 |
Your trust, our signature |
audits ‧ rindertkramer |
|
| 2019-05-08 |
Phishing – Ask and ye shall receive |
audits ‧ rindertkramer |
|
| 2019-05-08 |
Bokbot: The (re)birth of a banker |
Blog ‧ alfredklason |
|
| 2019-05-08 |
Introducing Team Foundation Server decryption tool |
|
|
| 2019-05-08 |
Introducing Orchestrator decryption tool |
|
|
| 2019-05-08 |
Escalating privileges with ACLs in Active Directory |
|
|
