Part 6-(WMI): Hunting Down Malicious WMI Activity
In this blog, we delve into effective threat hunting strategies to uncover and counter malicious WMI activity, emphasizing the importance...
top of page
-
Jan 172 min read
Part 5- (WMI): Unveiling the Persistence of Malicious MOF Files: A Deep Dive into #PRAGMA AUTORECOVER
This blog explores the significance of a specific attribute within MOF files – “#PRAGMA AUTORECOVER” – shedding light on its forensic...
57 views0 comments
-
Jan 162 min read
Part 4-(WMI): The Intricacies of MOF Files: A Gateway for Malicious Infiltration in WMI
Understanding MOF Files: MOF(Managed Object Format) files act as blueprints for WMI, representing class definitions and instances....
42 views0 comments
-
Jan 152 min read
Part 3-(WMI): Understanding WMI Event Consumers in Cybersecurity
One such avenue often exploited by attackers is Windows Management Instrumentation (WMI) event consumers. This blog post delves into the...
33 views0 comments
-
Jan 142 min read
Part 2 -(WMI) :Detecting WMI-Based Attacks
In this blog post, we will delve into the significance of detecting WMI-based attacks and explore techniques to defend against them....
49 views0 comments
-
Jan 134 min read
Part 1 - (WMI): A Dive in its Capabilities and Stealthy Persistence Techniques
Introduction: In the complex landscape of Windows operating systems, one technology has stood the test of time—Windows Management...
130 views0 comments
-
Jan 123 min read
Power of Kansa: A Comprehensive Guide to Incident Response and Threat Hunting
Kansa is one of the most powerful tool that can be used for threat hunting and incident response. But as per reddit Kansa is no longer...
43 views0 comments
-
Jan 92 min read
Single-line PowerShell commands for analysis
I was going through some articles and identified one of the best One-liners by @Leonard Savina. Guide on detecting potential remote...
29 views0 comments
-
Jan 81 min read
Incident Handlers Checklist and Personalize Windows investigation Cheat Sheet
In previous blogs, I've delved into the intricacies of incident response, providing comprehensive information and theories. However,...
44 views0 comments
-
Jan 82 min read
Incident Response Framework Post-Incident Phase
A critical phase: Post-Incident Activities. This phase, often overlooked, holds paramount importance in fortifying an organization's...
15 views0 comments
-
Jan 72 min read
Incident Response Framework Recovery Phase
The phase of recovery stands as a critical endeavor, aiming not only to restore systems but also to fortify their resilience against...
17 views0 comments
-
Jan 61 min read
Incident Response Framework Eradication Phase
In the realm of cybersecurity incidents, eradication strategy, hold paramount importance in mitigating the aftermath of a breach....
25 views0 comments
-
Jan 52 min read
Incident Response Framework Containment Phase
During a cybersecurity incident, the ability to swiftly contain the breach is pivotal to mitigating the potential damages. Containment...
17 views0 comments
-
Jan 42 min read
Incident Response Framework: Detection Phase
In this phase we will determine if an incident has place, triage it, and notify relevant stakeholders and analyze it. To understand...
28 views0 comments
-
Jan 32 min read
Incident Response Framework: Preparation Phase
In the realm of cybersecurity, the preparation phase of an incident response plan lays the groundwork for effective handling of security...
33 views0 comments
-
Jan 21 min read
Incident Response Framework
In Next few posts, I am going Delve deep in incident response and various aspects. Incident Response Procedures: Procedures and...
28 views0 comments
-
Jan 1, 20241 min read
Welcoming the New Year with Hope and Joy
As the clock strikes midnight, we bid farewell to the past year and warmly welcome the promising dawn of a new one. The New Year...
3 views0 comments
-
Dec 24, 20231 min read
Celebrate the Holiday Season with Joy and Gratitude
Tis the season to be jolly! As the year draws to a close, we find ourselves surrounded by the warmth of cheerful decorations, the...
27 views0 comments
-
Dec 20, 20233 min read
Understanding Lateral Movement in Cyber Attacks:
In the realm of cybersecurity, one of the most concerning aspects of an attack campaign is the stealthy progression through a network to...
106 views0 comments
-
Dec 18, 20232 min read
Unveiling the Threat of Golden Ticket Attacks
"Golden Ticket" attack perform on Active Directory environments. This technique, a perilous offspring of pass-the-hash attacks(Local...
35 views0 comments
bottom of page