Jeff White, Author at Unit 42

A conceptual image representing malware such as OriginLogger

69,117

people reacted

OriginLogger: A Look at Agent Tesla’s Successor

By Jeff White
September 13, 2022 at 6:00 AM

14 min. read

A conceptual image representing cybercrime, such as the use of the NGLite backdoor described here and the KdcSponge credential-stealing tool.

110,629

people reacted

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

By Robert Falcone, Jeff White and Peter Renals
November 7, 2021 at 6:00 PM

18 min. read

A conceptual image representing adversaries and their tactics, such as the Matanbuchus malware-as-a-service described here.

51,712

people reacted

Matanbuchus: Malware-as-a-Service with Demonic Intentions

By Jeff White and Kyle Wilhoit
June 16, 2021 at 7:32 AM

9 min. read

Conceptual image symbolizing the adversarial relationship between security professionals and threat actors such as Hafnium, whose attacks involving the China Chopper webshell are discussed here

57,691

people reacted

Analyzing Attacks Against Microsoft Exchange Server With China Chopper Webshells

By Jeff White
March 8, 2021 at 2:24 PM

10 min. read

31,432

people reacted

Practical Behavioral Profiling of PowerShell Scripts through Static Analysis (Part 3)

By Jeff White
October 25, 2019 at 6:00 AM

9 min. read

30,974

people reacted

Practical Behavioral Profiling of PowerShell Scripts through Static Analysis (Part 2)

By Jeff White
October 24, 2019 at 6:00 AM

14 min. read

33,973

people reacted

Practical Behavioral Profiling of PowerShell Scripts through Static Analysis (Part 1)

By Jeff White
October 23, 2019 at 6:00 AM

10 min. read

55,211

people reacted

Takedowns and Adventures in Deceptive Affiliate Marketing

By Jeff White
April 25, 2019 at 6:00 AM

22 min. read

42,253

people reacted

Dissecting Hancitor’s Latest 2018 Packer

By Jeff White
February 27, 2018 at 5:00 AM

16 min. read

44,000

people reacted

PowerStager Analysis

By Jeff White
January 12, 2018 at 5:00 AM

8 min. read

38,876

people reacted

Analyzing the Various Layers of AgentTesla’s Packing

By Jeff White
September 25, 2017 at 10:00 AM

10 min. read

52,966

people reacted

The Curious Case of Notepad and Chthonic: Exposing a Malicious Infrastructure

By Jeff White
August 15, 2017 at 5:00 AM

10 min. read

32,256

people reacted

VIDEO: Tips, Tricks, and Clues to Escape the LabyREnth CTF

By Samantha Pierre, Richard Wartell, Tyler Halfpop and Jeff White
June 28, 2017 at 4:00 PM

8 min. read

32,275

people reacted

Pulling the Brake on the Magnitude EK Train

By Jeff White
April 13, 2017 at 1:00 PM

5 min. read

211,702

people reacted

Pulling Back the Curtains on EncodedCommand PowerShell Attacks

By Jeff White
March 10, 2017 at 5:00 AM

29 min. read

Posts created by: Jeff White

OriginLogger: A Look at Agent Tesla’s Successor

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

Matanbuchus: Malware-as-a-Service with Demonic Intentions

Analyzing Attacks Against Microsoft Exchange Server With China Chopper Webshells

Practical Behavioral Profiling of PowerShell Scripts through Static Analysis (Part 3)

Practical Behavioral Profiling of PowerShell Scripts through Static Analysis (Part 2)

Practical Behavioral Profiling of PowerShell Scripts through Static Analysis (Part 1)

Takedowns and Adventures in Deceptive Affiliate Marketing

Dissecting Hancitor’s Latest 2018 Packer

PowerStager Analysis

Analyzing the Various Layers of AgentTesla’s Packing

The Curious Case of Notepad and Chthonic: Exposing a Malicious Infrastructure

VIDEO: Tips, Tricks, and Clues to Escape the LabyREnth CTF

Pulling the Brake on the Magnitude EK Train

Pulling Back the Curtains on EncodedCommand PowerShell Attacks

Popular Resources

Legal Notices

Account

Trending

Popular Resources

Legal Notices

Account