Detections XYZ

What is Impacket / PSExec? Impacket PsExec is a Python-based implementation of the PsExec functionality, created by the open-source library Impacket. Impacket is a collection of tools and Python classes for working with network … Read More

Recently, there’s been quite a buzz in the infosec community about a new tool called “EDRSilencer”. From the tool’s Github description: “A tool uses Windows Filtering Platform (WFP) to block … Read More

Hello all, Some of you may remember me from my first course “Modern IBM QRadar 7.5 Administration”. I recently created a new course and its now live on Udemy. This … Read More

UPDATE 16/7/2024 – Identified a pattern where the affected commands are “external” commands to cmd.exe, as in, they are actual executables themselves. Ipconfig, net, arp and ping each trigger an … Read More

So today wasn’t anything special, except that those really annoying Powershell windows that occasionally open on my screen for a split-second and close finally broke me. I started noticing them … Read More

Original research credit: TheDFIReport TL;DR Summary Required Logging Event ID Channel Details 4688 / 1 Security, Sysmon New process creation. 17 Sysmon Pipe creation event. 4698 Security New Task Creation. Detection … Read More

Original research credit: TheDFIReport In this report we will learn about the Godzilla web shell, about what artifacts it generates, and what detection rules can be created based on those … Read More

Original research credit: u0041 In this report we will learn about the “atexec” tool of Impacket, about what artifacts it generates, and what detection rules can be created based on … Read More