Analysis of the current malware – Icedid
Making the decision of what to analyze The last blog post that I wrote was about creating an ELK with a Kibana view of the currently active malware, using the common publicly available sandbox...
Turla
Why Turla? Lately I’ve done quite a lot of write-ups of testing currently active malware and how that could be potentially hunted for. I’d rather write about something else for a change, which led me...
Threat Intelligence Platform – OpenCTI
What? I’ve been thinking of implementing some sort of Threat Intelligence Platform for my personal usage. The original idea has been to run MISP as it is quite well known to be very good at this sort...
OpenCTI RSS feed support
RSS feed support in OpenCTI I haven’t been playing with the OpenCTI platform a lot since I first deployed it. I have a look at the data from time to time but haven’t had the time to create...
Rare process launch as a service
Back after a long break The last post on this blog was published in mid-September 2023 so it has been a while since I was able to update the blog. The main reason for this is that I have been too...
Hunting for signs of SEO poisoning
How to hunt for SEO poisoning? Well, this is a good question to which I don’t have a good answer. This query is going to go through the very basics of how this can be started but it is not really that...
Threat hunting for signs of credential dumping
Why this topic? I chose this topic because I’ve seen a lot of different queries to hunt for signs of credential dumping. However, these have been mostly developed around finding certain tools which do...
Exploring hunting options for catching Impacket
Hunting for usage of Impacket Impacket is one of those tools which the threat actors are constantly using during the attacks. It is an interesting tool as it allows interacting with several protocols...
Impacket – Part 2
Hello Mr. Impacket – I am back! Today I will write about Impacket. Last time I wrote about the psexec and smbexec modules which I found to be the most logical start to the series (BTW I would like to...
Impacket – Part 3
Continuing with Impacket I will do one more post on the series and that will be it. The first post was mostly about the different ways that Impacket can launch semi-interactive shells, the second one...