Tho Le: Unmasking the Shadowy Side of WMI Part 1: Foundation. Attackers are known for their innovative tactics, often harnessing legitimate tools and services to infiltrate, move laterally, and… (7 min read, Oct 23, 2023)

Tho Le in Detect FYI: Exploring Execute-Assembly: A Deep Dive into In-Memory Threat Execution. Advanced adversaries have been seeking stealthiness and evading detections. One of the main tactics is to stay entirely in memory and avoid… (9 min read, Sep 2, 2023)

Tho Le in Detect FYI: Purple teaming — Understand Pivoting. Pivoting is a crucial step in the adversaries’ strategies to further compromise a targeted environment and bypass strong perimeter… (7 min read, Aug 6, 2023)

Tho Le: Threat hunting Pivoting via SMB Named Pipe. Once gaining a foothold into the environment, adversaries move laterally to compromise different systems till achieving their objectives… (6 min read, Jul 30, 2023)

Tho Le: Remote MS Office template injection. This article delves into the remote MS Office template injection attack, offering a comprehensive exploration of its inner workings. By… (4 min read, Jul 16, 2023)

Tho Le: Kusto Query language 101. The article aims to provide the fundamentals of Kusto query language to search for complex data patterns as well as generate complicated… (7 min read, Apr 8, 2021)

Tho Le: Techniques and Tools for Shellcode Analysis. Shellcode is a sequence of machine code that is commonly abused to execute malicious code after vulnerability exploitation, download the… (6 min read, Jan 28, 2021)

Tho Le: eLearnSecurity Threat Hunting Professional (THP) course and eCTHPv2 exam (Dec 2020). Threat hunting (TH) is a new trend in cybersecurity when companies, from small to large, spending from a few thousand to millions, soon… (5 min read, Jan 17, 2021)

Tho Le: MS Office Forensic: VBA obfuscation via VBA Stomping and Purging. VBA is one of the most common attack vectors against MS Office; hence, adversaries have been finding ways to evade anti-virus, forensic… (4 min read, Jan 6, 2021)

Tho Le: Malware Analysis Lab and Behavioral Analysis Steps. This article provides instructions to build a safe environment that you can use to learn the behavior of a malware sample. The article… (6 min read, Jan 3, 2021)