All Stories

Running multiple instances of discovery commands in short period of time
When attackers have gained initial access to an environment, they often run different kinds of commands to gather further information about it. The comma...
In threat hunting, Apr 30, 2022

DLL image loads from suspicious locations by regsvr32.exe / rundll32.exe
DLL images are used quite a lot by attackers to load their malicious code. I’ve done several different queries that target this attack technique. I have been having a...
In threat hunting, Apr 20, 2022

(Trying to) hunt for a hidden scheduled task
Microsoft DART released an article yesterday on how the malware known as Tarrask has been using scheduled tasks for defense evasion. This malware has been in use by an APT group known...
In threat hunting, Apr 13, 2022

How to start with host based threat hunting?
In threat hunting, Apr 10, 2022

Featured

Having a look at a few new fields in MDE
In threat hunting

Look into couple of suspicious registry activities
In threat hunting

Hunting for Windows Subsystem for Linux based attacks
In threat hunting

The DFIR thing
In dfir

OpenCTI RSS feed support
In threat intelligence

Threat Intelligence Platform - OpenCTI
In threat intelligence