Threat hunting with hints of incident response

Tag: regsvr32.exe

Running live malware for threat hunting purposes

August 13, 2022 (updated August 14, 2022), by JouniMi

This time I am trying something different. I am in no way, shape or form capable of malware analysis, but I was thinking it could be useful to run live malware on a device with the MDE agent installed. This could potentially provide great telemetry data to generate ideas for threat hunting purposes....

Detecting a Payload delivered with ISO files with MDE

July 17, 2022 (updated July 17, 2022), by JouniMi

It’s been a little quiet on my blog for a while now – the reason being that I was on holiday and did other things rather than sit in front of a computer. I just got back and have some free time to keep on blogging. While I was on vacation I read an...

DLL image loads from suspicious locations by regsvr32.exe / rundll32.exe

April 20, 2022 (updated July 12, 2022), by JouniMi

DLL images are used quite a lot by attackers to load their malicious code. I’ve written several different queries that target this attack technique. I have had the idea of taking a look at DLL files that are loaded from abnormal locations and then building more information around this....

© 2023 Threat hunting with hints of incident response