DLL Hijacking via Cobalt Strike & Attack Analysis.
Hijack Execution Flow
Adversaries may execute their own malicious payloads by hijacking the way operating systems run…
Malleable C2 — jQuery profiles.
Cobalt Strike — SpawnTo and Rundll32.
PCAP & VT Analysis — Rundll32 connecting over TCP to Cobalt Strike C2.
Cobalt Strike Malleable C2 User-Agents.
Malleable C2 profiles have been widely adopted and used by Cobalt Strike, a popular framework used by Red Teamers, APTs…
Legit healthcare company.
Hijacked NPM walkthrough
Alert SOC158: Hijacked NPM Malware
Everything looks legit when I do the checks. UA Parser JS has been downloaded from its official site. I couldn't understand what the problem is.
LetsDefend Log4j RCE Exploit walkthrough
Incident Response Life-Cycle
Incident Response & PCAP/Attack Analysis
In red I highlighted areas of our interest during this attack analysis.
Investigating Windows Server 2016 Part One
Investigating a compromised Windows server.
Windows component tools used during the investigation
Net user: The Net utility is a component of the Windows…