Detecting this type of malicious activity can be done relatively easily using endpoint telemetry logs from Windows hosts. The most reliable (and free!) method would be the use of Sysinternals Sysmon, which contains a few event IDs that we can use to monitor this type of behavior. Metho...
Threat hunting can be used as a powerful tool not only to detect malicious behavior missed by other security measures but also drive a deeper understanding of how malicious software, actor tools, and behaviors work and how to proactively detect or prevent them. ...
Then, we started our quest of malware hunting in memory. We did this by benchmarking both memory captures against each other and by applying the intelligence gained during the dynamic analysis. In the second part we went deeper into the fascinating world of memory forensics. We managed to find...
mac-a-mal - An automated framework for mac malware hunting. objdump - Part of GNU binutils, for static analysis of Linux binaries. OllyDbg - An assembly-level debugger for Windows executables. PANDA - Platform for Architecture-Neutral Dynamic Analysis. PEDA - Python Exploit Development Assistance...
Using Sysinternals Strings, I extracted various strings from the binary and found the following indicators: "Connecting to {0}:{1}..", "/create /f /tn "{0}" /xml "{1}"", "schtasks.exe", "CreateScheduledTask", "/run /tn "{0}"" ...
Closing the Security Gap: From Threat Hunting to Detection Engineering. By Ilya Kolmanovich, Alejandro Houspanossian, Joe Malenfant and Tomer Shloman · April 16, 2025. Learn how to use existing tooling to perform threat hunting and detection engineering to find hidden threats and strengthen your def...
Nonetheless, one thing to mention about the code is that if you follow the site malware.dontneedcoffee.com and the amazing work done by Kaffeine on hunting down, analyzing and documenting Exploit Kits, you might have noticed that he calls this version of RIG "RIG-v Neutrino-ish". The ...