Welcome to the first episode of the ThreaD (Threat Detection) series. I am opening up the series with the spotlight on DCSync (T1003.006)…
Process injection (T1055) refers to injecting code into other live processes. Adversaries use this technique to either evade detection based on process monitoring…
Microsoft introduced a proprietary binary format called EVTX back in Vista and Server 2008 packed with new enhancements and features like log channels,…
The release of this old blog is prompted by this nice article on silencing Microsoft Defender for Endpoint (previously Microsoft Defender ATP) using…
Back in September, Sysmon v12 graced us with the new ability to monitor clipboards. You can read about this new capability in Olaf’s…
This is a short blog that shows one technique of detecting logons of Domain Administrators (DA) to workstations from your SIEM. This is…
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod
Copyright © 2022. All rights reserved.