Malware of the Day
I write a monthly report for Active Countermeasures called Malware of the Day, in which I simulate an intrusion and the subsequent network threat hunt. The full PCAP and Zeek logs for each report are also provided, so you can get hands-on experience by reproducing the investigation at home.
- C2 over NTP (goMESA)
- IPv6 Address Aliasing
- Merlin C2 Data Jitter
- Tunneling RDP with Microsoft Dev Tunnels
- Tunneling Havoc C2 with Microsoft Dev Tunnels
- Specula
- IcedID Loader to ALPHV Ransomware
- Understanding C2 Beacons – Part 2
- Understanding C2 Beacons – Part 1
- XenoRAT
- AsyncRAT
- Tunneled C2 Beaconing (Ligolo-ng)