Tho Le, "Unmasking the Shadowy Side of WMI Part 1: Foundation" (Oct 23, 2023)
Attackers are known for their innovative tactics, often harnessing legitimate tools and services to infiltrate, move laterally, and…

Tho Le in Detect FYI, "Exploring Execute-Assembly: A Deep Dive into In-Memory Threat Execution" (Sep 2, 2023)
Advanced adversaries have been seeking stealth and evading detection. One of the main tactics is to stay entirely in memory and avoid…

Tho Le in Detect FYI, "Purple teaming — Understand Pivoting" (Aug 6, 2023)
Pivoting is a crucial step in adversaries' strategies to further compromise a targeted environment and bypass strong perimeter…

Tho Le, "Threat hunting Pivoting via SMB Named Pipe" (Jul 30, 2023)
Once they have gained a foothold in the environment, adversaries move laterally to compromise different systems until they achieve their objectives…

Tho Le, "Remote MS Office template injection" (Jul 16, 2023)
This article delves into the remote MS Office template injection attack, offering a comprehensive exploration of its inner workings. By…

Tho Le, "Kusto Query language 101" (Apr 8, 2021)
The article aims to provide the fundamentals of Kusto Query Language to search for complex data patterns as well as generate complicated…

Tho Le, "Techniques and Tools for Shellcode Analysis" (Jan 28, 2021)
Shellcode is a sequence of machine code that is commonly abused to execute malicious code after vulnerability exploitation, download the…

Tho Le, "eLearnSecurity Threat Hunting Professional (THP) course and eCTHPv2 exam (Dec 2020)" (Jan 17, 2021)
Threat hunting (TH) is a new trend in cybersecurity, with companies from small to large spending from a few thousand to millions, soon…

Tho Le, "MS Office Forensic: VBA obfuscation via VBA Stomping and Purging" (Jan 6, 2021)
VBA is one of the most common attack vectors against MS Office; hence, adversaries have been finding ways to evade anti-virus, forensic…

Tho Le, "Malware Analysis Lab and Behavioral Analysis Steps" (Jan 3, 2021)
This article provides instructions to build a safe environment that you can use to learn the behavior of a malware sample. The article…