Unmasking the Shadowy Side of WMI Part 1: Foundation (Oct 23, 2023)
Attackers are known for their innovative tactics, often harnessing legitimate tools and services to infiltrate, move laterally, and…

Exploring Execute-Assembly: A Deep Dive into In-Memory Threat Execution (Published in Detect FYI, Sep 2, 2023)
Advanced adversaries seek stealth and detection evasion. One of their main tactics is to stay entirely in memory and avoid…

Purple teaming — Understand Pivoting (Published in Detect FYI, Aug 6, 2023)
Pivoting is a crucial step in adversaries' strategies to further compromise a targeted environment and bypass strong perimeter…

Threat hunting Pivoting via SMB Named Pipe (Jul 30, 2023)
Once they gain a foothold in the environment, adversaries move laterally to compromise different systems until they achieve their objectives…

Remote MS Office template injection (Jul 16, 2023)
This article delves into the remote MS Office template injection attack, offering a comprehensive exploration of its inner workings. By…

Kusto Query language 101 (Apr 8, 2021)
The article aims to provide the fundamentals of Kusto Query Language for searching for complex data patterns as well as generating complicated…

Techniques and Tools for Shellcode Analysis (Jan 28, 2021)
Shellcode is a sequence of machine code that is commonly abused to execute malicious code after vulnerability exploitation, download the…

eLearnSecurity Threat Hunting Professional (THP) course and eCTHPv2 exam (Dec 2020) (Jan 17, 2021)
Threat hunting (TH) is a new trend in cybersecurity in which companies, from small to large and spending from a few thousand to millions, soon…

MS Office Forensic: VBA obfuscation via VBA Stomping and Purging (Jan 6, 2021)
VBA is one of the most common attack vectors against MS Office; hence, adversaries have been finding ways to evade anti-virus, forensic…

Malware Analysis Lab and Behavioral Analysis Steps (Jan 3, 2021)
This article provides instructions for building a safe environment that you can use to learn the behavior of a malware sample. The article…