The tags can be used to locate the posts from different categories

Apr
27

Impacket – Part 2

Hello mr. Impacket – I am back! Today I will write about Impacket. Last time I wrote about the psexec and smbexec modules which I found to be the most logical start to the series (BTW I would like to remind that 2 posts can be series).  You know, it is a gift which keeps…

Apr
13

Exploring hunting options for catching Impacket

Hunting for usage of Impacket Impacket is one of those tools which the threat actors are constantly using during the attacks. It is interesting tool as it allows interacting with several protocols with Python. It, for example, allows for a PsExec like behavior which is very often one of the key tools the threats use…

Mar
11

Threat hunting for signs of credential dumping

Why this topic? I chose this topic because I’ve seen a lot of different queries to hunt for signs of credential dumping. However, these have been mostly developed around finding certain tools which do dump the credentials. My idea was to try to hunt for the activity done by the application which dumps the memory…

Feb
23

Hunting for signs of SEO poisoning

How to hunt for SEO poisoning? Well this is a good question to which I don’t have a good answer. This query is going to go through the very basics of how this can be started but it is not really that easy to do. I’ve had several different ideas of how to hunt for…

Feb
05

Rare process launch as a service

Back after a long break The last post on this blog was published on mid-September 2023 so it has been a while since I was able to update the blog. The main reason for this is that I have been too busy. I’ve had extremely busy season at work and on top of that I…

Sep
16

OpenCTI RSS feed support

RSS feed support in OpenCTI I haven’t been playing with the OpenCTI platform a lot since I first deployed it. I have a look at the data from time to time but haven’t had the time to create integrations. I just got back to this and started to look if the RSS feed ingestion has…

Jul
06

Threat Intelligence Platform – OpenCTI

What? I’ve been thinking of implementing some sort of Threat Intelligence Platform for my personal usage. The original idea has been to run MISP as it is quite well known to be very good at this sort of thing, however I’ve been hearing a lot of good things about OpenCTI lately. It is by far…

May
19

Turla

Why Turla? Lately I’ve done quite a lot of write-ups of testing currently active malware and how that could be potentially hunted for. I’d rather write about something else for a change, which led me to this topic. Turla has been in the news lately as their long running malware known as Snake was –…