Michael Koczwara | Threat Intel-Pivoting using Censys | Hunting malicious infrastructure: Muddy Water Cyberespionage Threat Actor from Iran 🇮🇷 | Nov 5, 2023

Michael Koczwara | APT 29 Initial Access Killchain - MITRE ATT&CK Mapping | APT29/Nobelium Initial Access & ATT&CK Mapping | May 23, 2023

In Detect FYI, by Michael Koczwara | Hunting Malicious Infrastructure using JARM and HTTP Response | Hunting QBot C2 and Brute Ratel C4 Infrastructure | May 16, 2023

Michael Koczwara | Adversaries Infrastructure - Ransomware Groups, APTs, and Red Teams | What can you learn from scanning adversaries' infrastructure? | Dec 30, 2022

Michael Koczwara | Cobalt Strike PowerShell Payload Analysis | I have spotted this interesting tweet from Malwar3Ninja and decided to take a look and analyse the Cobalt Strike PowerShell payload. | Sep 1, 2021

Michael Koczwara | Cobalt Strike Hunting — DLL Hijacking/Attack Analysis | DLL Hijacking via Cobalt Strike | Aug 17, 2021

Michael Koczwara | Cobalt Strike Hunting — Malleable C2 jQuery profile & rundll32 Analysis | Malleable C2 — jQuery profiles. | Aug 5, 2021

Michael Koczwara | Attack Analysis — Cobalt Strike C2 & Hancitor/Malware | Incident Response & PCAP/Attack Analysis | Dec 23, 2021

Michael Koczwara | Hunting “Legit” Red Teams C2 Infrastructure | There is a legit-looking website | Sep 18, 2021

In Towards AWS, by Pavel Shabarkin | Pointer: Hunting Cobalt Strike globally | Introduction | Sep 16, 2021

Michael Koczwara | Conti TTPs using Atomic Red Team and Detection Lab & C2 Infrastructure Hunting | Agenda | Aug 26, 2021

Michael Koczwara | Cobalt Strike Hunting — simple PCAP and Beacon Analysis | Legit healthcare company. | Jul 21, 2021

Michael Koczwara | Hunting C2 | Hunting C2/Adversaries Infrastructure with Shodan and Censys | Sep 1, 2022

Michael Koczwara | Monitoring Threat Actors Cobalt Strike C2 Infrastructure with Shodan | Threat Intel Tips and Shodan queries | Sep 21, 2021

Michael Koczwara | Mapping and Pivoting from Cobalt Strike C2 Infrastructure Attributed to CVE-2021-40444 | Threat Actors Infrastructure (VT Analysis). | Sep 12, 2021

Michael Koczwara | Conti Ransomware Group Cobalt Strike C2 Analysis & Persistence (Anydesk, Atera, Splash) | Conti is a Ransomware-as-a-Service that was first observed in December 2019 and has been distributed via TrickBot. It has been used against… | Aug 8, 2021

Michael Koczwara | Cobalt Strike Hunting, Red Teams/Threat Actors TTPs | Red Teams/Threat Actors methods for bypassing web proxy filtering/categorization | Apr 26, 2021