Date Author Title
2025-02-27Xavier MertensNjrat Campaign Using Microsoft Dev Tunnels
2023-08-25Xavier MertensPython Malware Using Postgresql for C2 Communications
2022-10-24Xavier MertensC2 Communications Through outlook.com
2022-10-07Xavier MertensPowershell Backdoor with DGA Capability
2021-11-07Didier StevensVideo: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-11-06Didier StevensDecrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-10-25Didier StevensDecrypting Cobalt Strike Traffic With a "Leaked" Private Key
2021-08-20Xavier MertensWaiting for the C2 to Show Up
2021-05-28Xavier MertensMalicious PowerShell Hosted on script.google.com
2021-04-02Xavier MertensC2 Activity: Sandboxes or Real Victims?
2021-03-19Xavier MertensPastebin.com Used As a Simple C2 Channel
2020-12-10Xavier MertensPython Backdoor Talking to a C2 Through Ngrok
2018-06-15Lorna HutchesonSMTP Strangeness - Possible C2
2014-02-27Richard PorterDDoS and BCP 38
2012-05-16Johannes UllrichGot Packets? Odd duplicate DNS replies from 10.x IP Addresses
2010-02-17Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2008-04-22donald smithXP SP3 RC2 Available