DLL HIJACKING |
| 2016-06-03 | Tom Liston | MySQL is YourSQL |
| 2010-08-23 | Bojan Zdrnja | DLL hijacking vulnerabilities |
DLL |
| 2025-03-18/a> | Xavier Mertens | Python Bot Delivered Through DLL Side-Loading |
| 2023-06-22/a> | Brad Duncan | Qakbot (Qbot) activity, obama271 distribution tag |
| 2023-02-28/a> | Brad Duncan | BB17 distribution Qakbot (Qbot) activity |
| 2023-02-24/a> | Brad Duncan | URL files and WebDAV used for IcedID (Bokbot) infection |
| 2022-11-04/a> | Xavier Mertens | Remcos Downloader with Unicode Obfuscation |
| 2022-08-24/a> | Brad Duncan | Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC |
| 2022-07-07/a> | Brad Duncan | Emotet infection with Cobalt Strike |
| 2022-04-06/a> | Brad Duncan | Windows MetaStealer Malware |
| 2022-01-21/a> | Xavier Mertens | Obscure Wininet.dll Feature? |
| 2021-12-22/a> | Brad Duncan | December 2021 Forensic Contest: Answers and Analysis |
| 2021-12-02/a> | Brad Duncan | TA551 (Shathak) pushes IcedID (Bokbot) |
| 2021-11-19/a> | Xavier Mertens | Downloader Disguised as Excel Add-In (XLL) |
| 2021-11-16/a> | Brad Duncan | Emotet Returns |
| 2021-10-21/a> | Brad Duncan | "Stolen Images Evidence" campaign pushes Sliver-based malware |
| 2021-09-08/a> | Brad Duncan | "Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware |
| 2021-07-06/a> | Xavier Mertens | Python DLL Injection Check |
| 2021-06-04/a> | Xavier Mertens | Russian Dolls VBS Obfuscation |
| 2021-05-21/a> | Xavier Mertens | Locking Kernel32.dll As Anti-Debugging Technique |
| 2021-05-18/a> | Xavier Mertens | From RunDLL32 to JavaScript then PowerShell |
| 2021-03-31/a> | Xavier Mertens | Quick Analysis of a Modular InfoStealer |
| 2021-03-03/a> | Brad Duncan | Qakbot infection with Cobalt Strike |
| 2021-02-17/a> | Brad Duncan | Malspam pushing Trickbot gtag rob13 |
| 2021-02-11/a> | Jan Kopriva | Agent Tesla hidden in a historical anti-malware tool |
| 2021-01-26/a> | Brad Duncan | TA551 (Shathak) Word docs push Qakbot (Qbot) |
| 2021-01-20/a> | Brad Duncan | Qakbot activity resumes after holiday break |
| 2020-09-10/a> | Brad Duncan | Recent Dridex activity |
| 2020-08-28/a> | Xavier Mertens | Example of Malicious DLL Injected in PowerShell |
| 2020-06-10/a> | Brad Duncan | Job application-themed malspam pushes ZLoader |
| 2020-05-13/a> | Brad Duncan | Malspam with links to zip archives pushes Dridex malware |
| 2020-04-08/a> | Brad Duncan | German malspam pushes ZLoader malware |
| 2020-03-25/a> | Brad Duncan | Recent Dridex activity |
| 2018-11-06/a> | Xavier Mertens | Malicious Powershell Script Dissection |
| 2018-08-21/a> | Xavier Mertens | Malicious DLL Loaded Through AutoIT |
| 2016-06-03/a> | Tom Liston | MySQL is YourSQL |
| 2015-09-29/a> | Pedro Bueno | Tricks for DLL analysis |
| 2013-11-09/a> | Guy Bruneau | IE Zero-Day Vulnerability Exploiting msvcrt.dll |
| 2010-12-01/a> | Deborah Hale | McAfee Security Bulletin Released |
| 2010-08-23/a> | Bojan Zdrnja | DLL hijacking vulnerabilities |
| 2010-08-05/a> | Manuel Humberto Santander Pelaez | Adobe Acrobat Font Parsing Integer Overflow Vulnerability |
| 2006-09-19/a> | Swa Frantzen | Yet another MSIE 0-day: VML |
HIJACKING |
| 2025-03-18/a> | Xavier Mertens | Python Bot Delivered Through DLL Side-Loading |
| 2019-07-13/a> | Guy Bruneau | Guidance to Protect DNS Against Hijacking & Scanning for Version.BIND Still a Thing |
| 2016-06-03/a> | Tom Liston | MySQL is YourSQL |
| 2011-11-28/a> | Tom Liston | A Puzzlement... |
| 2011-10-10/a> | Tom Liston | What's In A Name? |
| 2010-08-23/a> | Bojan Zdrnja | DLL hijacking vulnerabilities |
| 2009-12-17/a> | Daniel Wesemann | overlay.xul is back |
| 2008-10-17/a> | Patrick Nolan | Day 17 - Containing a DNS Hijacking |
| 2008-10-08/a> | Johannes Ullrich | Domaincontrol (GoDaddy) Nameservers DNS Poisoning |
