Explorer's | Learn IR/Cyber Sec

Jan 21, 20242 min read

Part 3 -(Persistence) Windows Persistence: A Deep Dive into Scheduled Tasks

In the intricate realm of Windows systems, achieving persistence is a paramount goal for adversaries seeking to maintain a foothold....

57 views0 comments

Jan 20, 20243 min read

Part 2-(Persistence) Windows Services: A Stealthy Avenue for Persistence

In the intricate world of Windows operating systems, services play a pivotal role, running applications seamlessly in the background...

24 views0 comments

Jan 19, 20242 min read

Part 1-(Persistence): The Labyrinth of Autorun Locations in Windows

Introduction: In the vast and intricate world of Windows operating systems, the presence of AutoStart Extension Points (ASEPs), commonly...

25 views0 comments

Jan 18, 20241 min read

Exploring Malware Persistence: Upcoming Topics

This blog series aims to dissect various techniques employed by malicious actors to maintain a lasting presence on compromised systems....

9 views0 comments

Jan 18, 20242 min read

Part 6-(WMI): Hunting Down Malicious WMI Activity

In this blog, we delve into effective threat hunting strategies to uncover and counter malicious WMI activity, emphasizing the importance...

59 views0 comments

Jan 17, 20242 min read

Part 5- (WMI): Unveiling the Persistence of Malicious MOF Files: A Deep Dive into #PRAGMA AUTORECOVER

This blog explores the significance of a specific attribute within MOF files – “#PRAGMA AUTORECOVER” – shedding light on its forensic...

61 views0 comments

Jan 16, 20242 min read

Part 4-(WMI): The Intricacies of MOF Files: A Gateway for Malicious Infiltration in WMI

Understanding MOF Files: MOF(Managed Object Format) files act as blueprints for WMI, representing class definitions and instances....

46 views0 comments

Jan 15, 20242 min read

Part 3-(WMI): Understanding WMI Event Consumers in Cybersecurity

One such avenue often exploited by attackers is Windows Management Instrumentation (WMI) event consumers. This blog post delves into the...

35 views0 comments

Jan 14, 20242 min read

Part 2 -(WMI) :Detecting WMI-Based Attacks

In this blog post, we will delve into the significance of detecting WMI-based attacks and explore techniques to defend against them....

54 views0 comments

Jan 13, 20244 min read

Part 1 - (WMI): A Dive in its Capabilities and Stealthy Persistence Techniques

Introduction: In the complex landscape of Windows operating systems, one technology has stood the test of time—Windows Management...

143 views0 comments

Jan 12, 20243 min read

Power of Kansa: A Comprehensive Guide to Incident Response and Threat Hunting

Kansa is one of the most powerful tool that can be used for threat hunting and incident response. But as per reddit Kansa is no longer...

49 views0 comments

Jan 9, 20242 min read

Single-line PowerShell commands for analysis

I was going through some articles and identified one of the best One-liners by @Leonard Savina. Guide on detecting potential remote...

29 views0 comments

Jan 8, 20241 min read

Incident Handlers Checklist and Personalize Windows investigation Cheat Sheet

In previous blogs, I've delved into the intricacies of incident response, providing comprehensive information and theories. However,...

45 views0 comments

Jan 8, 20242 min read

Incident Response Framework Post-Incident Phase

A critical phase: Post-Incident Activities. This phase, often overlooked, holds paramount importance in fortifying an organization's...

16 views0 comments

Jan 7, 20242 min read

Incident Response Framework Recovery Phase

The phase of recovery stands as a critical endeavor, aiming not only to restore systems but also to fortify their resilience against...

18 views0 comments

Jan 6, 20241 min read

Incident Response Framework Eradication Phase

In the realm of cybersecurity incidents, eradication strategy, hold paramount importance in mitigating the aftermath of a breach....

26 views0 comments

Jan 5, 20242 min read

Incident Response Framework Containment Phase

During a cybersecurity incident, the ability to swiftly contain the breach is pivotal to mitigating the potential damages. Containment...

19 views0 comments

Jan 4, 20242 min read

Incident Response Framework: Detection Phase

In this phase we will determine if an incident has place, triage it, and notify relevant stakeholders and analyze it. To understand...

29 views0 comments

Jan 3, 20242 min read

Incident Response Framework: Preparation Phase

In the realm of cybersecurity, the preparation phase of an incident response plan lays the groundwork for effective handling of security...

35 views0 comments

Jan 2, 20241 min read

Incident Response Framework

In Next few posts, I am going Delve deep in incident response and various aspects. Incident Response Procedures: Procedures and...

29 views0 comments