Category: Windows Incident Response

A Look At Threat Intel Through The Lens Of Kimsuky

Rapid7 recently shared a fascinating post regarding the Kimsuky threat actor group making changes in their playbooks, specifically in their apparent shift to the use of .chm/"compiled HTML Help" files. In the post, the team does a great job of…

Uptycs Cybersecurity Standup

I was listening to a couple of fascinating interviews on the Uptycs Cybersecurity Standup podcast recently, and I have to tell you, there were some pretty insightful comments from the speakers. The first one I listened to was Becky…

Investigative Scenario, 2024-03-12

Investigative Scenario Chris Sanders posted another investigative scenario on Tues, 12 Mar, and this one, I thought, was interesting (see the image to the right). First off, you can find the scenario posted on X/Twitter, and here on LinkedIn. Now,…

PCAParse

I was doing some research recently regarding what’s new to Windows 11, and ran across an interesting artifact, which seems to be referred to as “PCA”. I found a couple of interesting references regarding this artifact, such as this one…

Lists of Images

There are a lot of discussions out there on social media regarding how to get started or improve yourself or set yourself apart in cybersecurity, and a lot of the advice centers around doing things yourself; setting up a home lab, using…

EDRSilencer

There’s been a good bit of discussion in the cybersecurity community regarding “EDR bypasses”, and most of these discussions have been centered around technical means a threat actor can use to “bypass” EDR. Many of these discussions do not seem…

Human Behavior In Digital Forensics, pt III

So far, parts I and II of this series have been published, and at this point, there’s something that we really haven’t talked about. That is, the “So, what?”. Who cares? What are the benefits of understanding human behavior rendered…