LetsDefend: Suspicious Certutil.exe Usage-LOLBAS TTPs

LetsDefend — SOC163 WriteUp

Michael Koczwara

3 min readMay 25, 2022

--

Living Off The Land Binaries, Scripts and Libraries

Walkthrough

EventID 113

We can kick off our investigation with the CMD history of the compromised endpoint “EricProd” which caused an…

Michael Koczwara

Written by Michael Koczwara

Security Researcher

Recommended from Medium

Invictus Incident Response

Email Forwarding Rules in Microsoft 365

The ultimate guide to analysing and understanding email forwarding rules in the Unified Audit Log (UAL)

8 min readFeb 20

--

Michael Koczwara

Adversaries Infrastructure-Ransomware Groups, APTs, and Red Teams

What you can learn from scanning adversaries' infra?

4 min readDec 30, 2022

--

Lists

Staff Picks

329 stories83 saves

Stories to Help You Level-Up at Work

19 stories53 saves

Self-Improvement 101

20 stories107 saves

Productivity 101

20 stories116 saves

Michael Koczwara

Sliver C2 Implant Analysis

Sliver C2 Implant Analysis

8 min readJan 12

--

Adam Goss

The Holy Bible of Threat Intelligence

Let’s explore the MITRE ATT&CK framework and find out why it’s the number #1 tool for any cyber threat intelligence analyst!

9 min readFeb 20

--

K O M A L
in
InfoSec Write-ups

Operationalizing MITRE ATT&CK to harden cyber defenses

Take Adversary’s perspective in Defender’s Team

5 min readDec 9, 2022

--

Muhammad Laraib Khan

Making Security Certification Tier List

It’s difficult to create a definitive “tier list” for security certifications, as the value and importance of a particular certification…

2 min readDec 16, 2022

--

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech