Michael Koczwara – Medium

Michael Koczwara

Pinned

LAPSUS$ TTPs

LAPSUSS TTPs & MITRE ATT&CK Mapping

Mar 31, 2022

LAPSUS$ TTPs

Mar 31, 2022

Pinned

Cobalt Strike PowerShell Payload Analysis

I have spotted this interesting tweet from Malwar3Ninja and decided to take a look and analyse the Cobalt Strike PowerShell payload.

Sep 1, 2021

Cobalt Strike PowerShell Payload Analysis

Sep 1, 2021

Pinned

Cobalt Strike Hunting — DLL Hijacking/Attack Analysis

DLL Hijacking via Cobalt Strike

Aug 17, 2021

Cobalt Strike Hunting — DLL Hijacking/Attack Analysis

Aug 17, 2021

Pinned

Cobalt Strike Hunting — Malleable C2 jQuery profile & rundll32 Analysis

Malleable C2 — jQuery profiles.

Aug 5, 2021

Aug 5, 2021

Pinned

Cobalt Strike Hunting — simple PCAP and Beacon Analysis

Legit healthcare company.

Jul 21, 2021

Cobalt Strike Hunting — simple PCAP and Beacon Analysis

Jul 21, 2021

Published in
Detect FYI

Hunting Malicious Infrastructure-Headers and Hardcoded/Static Strings

In my last blog Hunting Malicious Infrastructure using JARM and HTTP Response

Dec 5, 2023

Hunting Malicious Infrastructure-Headers and Hardcoded/Static Strings

Dec 5, 2023

Threat Intel-Pivoting using Censys

Hunting malicious infrastructure: Muddy Water Cyberespionage Threat Actor from Iran 🇮🇷

Nov 5, 2023

Threat Intel-Pivoting using Censys

Nov 5, 2023

APT 29 Initial Access Killchain -MITRE ATT@CK Mapping

APT29/Nobelium Initial Access & ATT@CK Mapping

May 23, 2023

APT 29 Initial Access Killchain -MITRE ATT@CK Mapping

May 23, 2023

Published in
Detect FYI

Hunting Malicious Infrastructure using JARM and HTTP Response

Hunting QBot C2 and Brute Ratel C4 Infrastructure

May 16, 2023

Hunting Malicious Infrastructure using JARM and HTTP Response

May 16, 2023

Malicious DLL Analysis

Static/Dynamic Analysis and Reversing

Feb 20, 2023

Malicious DLL Analysis

Feb 20, 2023

Sliver C2 Implant Analysis

Sliver C2 Implant Analysis

Jan 12, 2023

Sliver C2 Implant Analysis

Jan 12, 2023

Adversaries Infrastructure-Ransomware Groups, APTs, and Red Teams

What you can learn from scanning adversaries' infra?

Dec 30, 2022

Adversaries Infrastructure-Ransomware Groups, APTs, and Red Teams

Dec 30, 2022

Hunting C2

Hunting C2/Adversaries Infrastructure with Shodan and Censys

Sep 1, 2022

Hunting C2

Sep 1, 2022

Follina (CVE-2022–30190) & Cobalt Strike C2 -Simple Analysis

Follina CVE-2022–30190 & Cobalt Strike C2

Jun 29, 2022

Follina (CVE-2022–30190) & Cobalt Strike C2 -Simple Analysis

Jun 29, 2022

Diamond Model of Intrusion Analysis in Practice

LetsDefend: SOC171-Spring4Shell

May 30, 2022

Diamond Model of Intrusion Analysis in Practice

May 30, 2022

LetsDefend: Suspicious Certutil.exe Usage

LetsDefend — SOC163 WriteUp

May 25, 2022

LetsDefend: Suspicious Certutil.exe Usage

May 25, 2022

Server-Side Request Forgery (SSRF)- PortSwigger Labs

Lab: Blind SSRF with out-of-band detection

Apr 21, 2022

Server-Side Request Forgery (SSRF)- PortSwigger Labs

Apr 21, 2022

Server-Side Request Forgery (SSRF)- PortSwigger Labs

Lab: SSRF with filter bypass via open redirection vulnerability

Apr 20, 2022

Server-Side Request Forgery (SSRF)- PortSwigger Labs

Apr 20, 2022

Server-Side Request Forgery (SSRF)- PortSwigger Labs

Lab: SSRF with blacklist-based input filter

Apr 18, 2022

Server-Side Request Forgery (SSRF)- PortSwigger Labs

Apr 18, 2022

Server-Side Request Forgery (SSRF)- PortSwigger Labs

Lab: Basic SSRF against another back-end system

Apr 17, 2022

Server-Side Request Forgery (SSRF)- PortSwigger Labs

Apr 17, 2022

Michael Koczwara

Michael Koczwara

Threat Researcher

Lists

Hunting Malicious Infrastructure

21 stories7 saves

Blue Team Labs (HTB, THM and LetsDefend)

8 stories2 saves

PortSwigger Labs - SSRF

5 stories1 save

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams