Embee Research

Malware Analysis and Threat Intelligence Research

Threat Intelligence | Apr 11, 2024 / Tracking Malicious Infrastructure With DNS Records - Vultur Banking Trojan
Threat Intelligence | Apr 04, 2024 / Identifying MatanBuchus Domains Through Hardcoded Certificate Values
Threat Intelligence | Apr 01, 2024 / Passive DNS For Phishing Link Analysis - Identifying 36 Latrodectus Domains With Historical Records and 302 Redirects
Threat Intelligence | Mar 30, 2024 / Passive DNS Pivoting - Uncovering APT Infrastructure Through Historical Records and Subdomain Analysis
Threat Intelligence | Mar 27, 2024 / Introduction To Discovering Malicious Infrastructure Through Passive DNS Pivoting
CyberChef | Mar 25, 2024 / Latrodectus Deobfuscation - Removal of Junk Comments and Self-Referencing Code

Latest Posts

42 Posts
Tracking Malicious Infrastructure With DNS Records - Vultur Banking Trojan

Tracking Malicious Infrastructure Of the Vultur Banking Trojan.

Identifying MatanBuchus Domains Through Hardcoded Certificate Values

Identifying malicious infrastructure through hardcoded TLS Certificates and Subdomains.

Passive DNS Pivoting - Uncovering APT Infrastructure Through Historical Records and Subdomain Analysis

Leveraging Passive DNS to identify APT infrastructure. Building on public intelligence reports.

Introduction To Discovering Malicious Infrastructure Through Passive DNS Pivoting

Malware Infrastructure Tracking Using Passive DNS Intelligence.

Latrodectus Deobfuscation - Removal of Junk Comments and Self-Referencing Code

Identifying and Removing Obfuscation in a Self-Referencing Latrodectus Loader

Advanced CyberChef Techniques for Configuration Extraction - Detailed Walkthrough and Examples

Advanced CyberChef techniques using Registers, Regex and Flow Control

Practical Queries for Identifying Malware Infrastructure With FOFA

Identifying malware infrastructure with the FOFA scanner.

How to Use Ghidra to Analyse Shellcode and Extract Cobalt Strike Command & Control Servers

Manual analysis of Cobalt Strike Shellcode with Ghidra. Identifying function calls and resolving API hashing.

Browse by Tags

10 Tags