OALabs | Leaked Conti Ransomware Playbook - Red Team Reacts @OALABS | Uploaded 3 years ago | Updated 2 hours ago
Red Team reacts to leaked Conti hacking handbook. These techniques actually work?! How can we defend against them? Expand for more...
-----
OALABS DISCORD
discord.gg/6h5Bh5AMDU
OALABS PATREON
patreon.com/oalabs
OALABS TIP JAR
ko-fi.com/oalabs
OALABS GITHUB
github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
unpac.me/#
-----
Big thanks to Rob for his RedTeam perspective twitter.com/m0rv4i
More info on detection including IOCs:
labs.nettitude.com/blog/detecting-poshc2-indicators-of-compromise
Also thanks to twitter.com/James_inthe_box for the translated document:
github.com/silence-is-best/files/blob/main/translate_f.pdf
Interesting reports on the Conti kill chain from DFIR Report:
thedfirreport.com/2021/05/12/conti-ransomware
thedfirreport.com/2021/08/01/bazarcall-to-conti-ransomware-via-trickbot-and-cobalt-strike
Feedback, questions, and suggestions are always welcome : )
Sergei twitter.com/herrcore
Sean twitter.com/seanmw
As always check out our tools, tutorials, and more content over at openanalysis.net
Red Team reacts to leaked Conti hacking handbook. These techniques actually work?! How can we defend against them? Expand for more...
-----
OALABS DISCORD
discord.gg/6h5Bh5AMDU
OALABS PATREON
patreon.com/oalabs
OALABS TIP JAR
ko-fi.com/oalabs
OALABS GITHUB
github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
unpac.me/#
-----
Big thanks to Rob for his RedTeam perspective twitter.com/m0rv4i
More info on detection including IOCs:
labs.nettitude.com/blog/detecting-poshc2-indicators-of-compromise
Also thanks to twitter.com/James_inthe_box for the translated document:
github.com/silence-is-best/files/blob/main/translate_f.pdf
Interesting reports on the Conti kill chain from DFIR Report:
thedfirreport.com/2021/05/12/conti-ransomware
thedfirreport.com/2021/08/01/bazarcall-to-conti-ransomware-via-trickbot-and-cobalt-strike
Feedback, questions, and suggestions are always welcome : )
Sergei twitter.com/herrcore
Sean twitter.com/seanmw
As always check out our tools, tutorials, and more content over at openanalysis.net
![What is The Future of Reverse Engineering [ Reverse Engineering AMA ]](https://i.ytimg.com/vi/lilIOWzDeBA/hqdefault.jpg "What is The Future of Reverse Engineering [ Reverse Engineering AMA ]
What is the future of reverse engineering? What should we prepare for?
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/")
![Advantages Of Intermediate Language (IL) Over Pseudo C Code [ Reverse Engineering AMA ]](https://i.ytimg.com/vi/mGktcLO166Q/hqdefault.jpg "Advantages Of Intermediate Language (IL) Over Pseudo C Code [ Reverse Engineering AMA ]
What are the advantages of using intermediate language over pseudo C? When should you use each?
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/")
![Tips For Writing a .NET Static Config Extractor for Malware [ Reverse Engineering AMA ]](https://i.ytimg.com/vi/n435uL01T_E/hqdefault.jpg "Tips For Writing a .NET Static Config Extractor for Malware [ Reverse Engineering AMA ]
What are some tips for dealing with static config extraction of .NET malware?
Big thanks to all the reverse engineers who helped us put this together!
Rattle (Jesko)
https://twitter.com/huettenhain
https://github.com/binref/refinery
Jordan (psifertex)
https://twitter.com/psifertex
https://binary.ninja/
Karsten
https://twitter.com/struppigel
https://www.youtube.com/c/MalwareAnalysisForHedgehogs
Drakonia
https://twitter.com/dr4k0nia
https://dr4k0nia.github.io/
C3rb3ru5
https://twitter.com/c3rb3ru5d3d53c
https://c3rb3ru5d3d53c.github.io/
Josh
https://twitter.com/jershmagersh
https://pwnage.io/
Dodo
https://twitter.com/dodo_sec
https://github.com/dodo-sec
Washi
https://twitter.com/washi_dev
https://washi.dev/
OALABS PATREON
https://www.patreon.com/oalabs
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/")
