Threat Detection Ep I: Are you in sync with DCSync?
Welcome to the first episode of the ThreaD (Threat Detection) series. I am opening up the series with the spotlight on the DCSync (T1003.006) attack in Active Directory (AD). Intro: A ton of good resources on DCSync already exist, such as [1], [2], and [3], so I will just attempt to summarize it. Simply put, in […]
Threat hunting process injection with Jupyter notebook and Sysmon
Process injection (T1055) refers to injecting code into other live processes. Adversaries use this technique either to evade detection based on process monitoring or to elevate privileges. Process injection was ranked the 6th most used technique by adversaries in Red Canary’s 2021 Threat Detection Report. Anyone who has used popular...