Hunting Malicious Infrastructure using JARM and HTTP Response

Michael Koczwara

4 min readMay 16

--

Hunting QBot C2 and Brute Ratel C4 Infrastructure

In this blog, I will explain my hunting methodology with two practical examples.

QBot C2
Brute Ratel C4

I choose these two because despite the difference between Brute Ratel C4 and QBot this methodology (JARM and HTTP Response hash)…

Michael Koczwara

Written by Michael Koczwara

Security Researcher

Recommended from Medium

Antivirus vs EDR vs XDR © 2022 leeshanok

Richard de Vries
in
Tales from a Security Professional

Is EDR with Sysmon enough? Or do you need XDR as well?

Although the difference is just one letter, the level of protection is a different story…

3 min readJan 29

--

Muhammad Laraib Khan

Making Security Certification Tier List

It’s difficult to create a definitive “tier list” for security certifications, as the value and importance of a particular certification…

2 min readDec 16, 2022

--

Lists

Staff Picks

329 stories83 saves

Stories to Help You Level-Up at Work

19 stories53 saves

Self-Improvement 101

20 stories107 saves

Productivity 101

20 stories116 saves

Adam Goss

The Holy Bible of Threat Intelligence

Let’s explore the MITRE ATT&CK framework and find out why it’s the number #1 tool for any cyber threat intelligence analyst!

9 min readFeb 20

--

Sara V

Splunk Homelab Setup

Understanding Your Homelab

4 min readMar 12

--

Michael Koczwara

Sliver C2 Implant Analysis

Sliver C2 Implant Analysis

8 min readJan 12

--

David Matousek
in
Product Cybersecurity

3 Tips for Aligning Business Vision to Cybersecurity Strategy

Leaders want measurable data about cybersecurity’s progress toward creating value aligned to the business vision. They do not necessarily…

6 min readMar 13

--

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech