Hunting for Windows Subsystem for Linux based attacks

Hunting for WSL based Badness

In threat hunting, Nov 10, 2024
Hunting for malicious scheduled tasks
The DFIR thing reg parsing #1
The DFIR thing

The DFIR thing

In dfir, Jul 27, 2024

All Stories

Hunting for Windows Subsystem for Linux based attacks

Hunting for WSL based Badness

In threat hunting, Nov 10, 2024
Hunting for Windows Subsystem for Linux based attacks

Hunting for malicious scheduled tasks

Why?

In threat hunting, Oct 06, 2024
Hunting for malicious scheduled tasks

The DFIR thing reg parsing #1

This blog post was lost in migration from Wordpress to Github Pages. :(

In dfir, Aug 29, 2024
The DFIR thing reg parsing #1

The DFIR thing

The DFIR.. what?

In dfir, Jul 27, 2024
The DFIR thing

Impacket - Part 3

Continuing with Impacket

In threat hunting, Jun 01, 2024
Impacket - Part 3

Impacket - Part 2

Hello mr. Impacket – I am back!

In threat hunting, Apr 27, 2024
Impacket - Part 2

Exploring hunting options for catching Impacket

Hunting for usage of Impacket

In threat hunting, Apr 13, 2024
Exploring hunting options for catching Impacket

Threat hunting for signs of credential dumping

Why this topic?

In threat hunting, Mar 11, 2024
Threat hunting for signs of credential dumping

Hunting for signs of SEO poisoning

How to hunt for SEO poisoning?

In threat hunting, Feb 23, 2024
Hunting for signs of SEO poisoning

Rare process launch as a service

Back after a long break

In threat hunting, Feb 05, 2024
Rare process launch as a service

Featured

  1. Hunting for Windows Subsystem for Linux based attacks
    In threat hunting,
  2. The DFIR thing
    In dfir,
  3. OpenCTI RSS feed support
    In threat intelligence,
  4. Threat Intelligence Platform - OpenCTI
    In threat intelligence,