All Stories

Running multiple instances of discovery commands in a short period of time

When attackers have gained initial access to an environment, they often run different kinds of commands to gather further information about that environment. The comma...

In threat hunting, Apr 30, 2022

DLL image loads from suspicious locations by regsvr32.exe / rundll32.exe

DLL images are used quite a lot by attackers to load their malicious code. I’ve written several different queries that target this attack technique. I have been having a...

In threat hunting, Apr 20, 2022

(Trying to) hunt for a hidden scheduled task

Microsoft DART released an article yesterday on how the malware known as Tarrask has been using scheduled tasks for defense evasion. This malware has been used by an APT group known...

In threat hunting, Apr 13, 2022

How to start with host based threat hunting?

In threat hunting, Apr 10, 2022