PinnedMichael KoczwaraCobalt Strike PowerShell Payload AnalysisI have spotted this interesting tweet from Malwar3Ninja and decided to take a look and analyse the Cobalt Strike PowerShell payload.Sep 1, 2021Sep 1, 2021
PinnedMichael KoczwaraCobalt Strike Hunting — DLL Hijacking/Attack AnalysisDLL Hijacking via Cobalt StrikeAug 17, 2021Aug 17, 2021
PinnedMichael KoczwaraCobalt Strike Hunting — Malleable C2 jQuery profile & rundll32 AnalysisMalleable C2 — jQuery profiles.Aug 5, 2021Aug 5, 2021
PinnedMichael KoczwaraCobalt Strike Hunting — simple PCAP and Beacon AnalysisLegit healthcare company.Jul 21, 2021Jul 21, 2021
Michael KoczwarainDetect FYIHunting Malicious Infrastructure-Headers and Hardcoded/Static StringsIn my last blog Hunting Malicious Infrastructure using JARM and HTTP ResponseDec 5, 2023Dec 5, 2023
Michael KoczwaraThreat Intel-Pivoting using CensysHunting malicious infrastructure: Muddy Water Cyberespionage Threat Actor from Iran 🇮🇷Nov 5, 2023Nov 5, 2023
Michael KoczwaraAPT 29 Initial Access Killchain -MITRE ATT@CK MappingAPT29/Nobelium Initial Access & ATT@CK MappingMay 23, 20231May 23, 20231
Michael KoczwarainDetect FYIHunting Malicious Infrastructure using JARM and HTTP ResponseHunting QBot C2 and Brute Ratel C4 InfrastructureMay 16, 2023May 16, 2023