This time I am trying something different. I am in no way, shape or form competent at malware analysis, but I was thinking it could be useful to run live malware on a device with the MDE agent installed. This could potentially provide great telemetry data for generating threat hunting ideas....
Detecting a Payload delivered with ISO files with MDE
It’s been a little quiet on my blog for a while now – the reason being that I was on holiday and did other things rather than sit in front of a computer. I just got back and have some free time to keep on blogging. While I was on vacation I read an...
DLL image loads from suspicious locations by regsvr32.exe / rundll32.exe
Attackers use DLL image loads quite a lot to run their malicious code. I’ve written several different queries targeting this attack technique. I have had the idea of taking a look at DLL files that are loaded from abnormal locations and then building more context around them....