Posts by [email protected]

Post #AuiOdodwq4J4v3ls4O by [email protected]
0 likes, 1 repeats
#ThreatHuntingTipOftheDay: WMI Event Consumers trigger payloads on certain OS e…

Post #AukT9RiEQ2jHCS24fI by [email protected]
0 likes, 1 repeats
#ThreatHuntingTipOfTheDay: Malicious DMGs/PKGs are currently the most popular w…

Post #Aumd4ZhQgRfqNgtQjg by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: You have probably heard of .bash_profile and .zshrc, but a…

Post #AuohZ2xFGaXXvzzpJI by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: a common way to execute malicious code on Linux is to down…

Post #AuqrUu5BhKDZ7OIIl6 by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: explorer.exe /root,"c:/your/executable.exe" will…

Post #Aux4zntfD9u5GLjCyW by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: Services can provide persistence. Looking for changes to t…

Post #Auyym6NVUT9J7Pgqps by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: macOS has a built-in SSH mechanism that is disabled by def…

Post #Av13ICOFSgyBADW8R6 by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: a personal favourite, command-line obfuscation. Substituti…

Post #Av37nDpawTGGk8HDhg by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: you’ll know that in Linux, files with a leading dot are …

Post #Av5SUHnETTFAsku4lk by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: folders with trailing spaces can be created on Windows, an…

Post #Av5SUI9v77OM17WC8G by [email protected]
0 likes, 0 repeats
UAC bypass can be achieved by eg moving the legit perfmon.exe and a malicious a…

Post #AvBacVJS3ciXi9A9vE by [email protected]
0 likes, 1 repeats
#ThreatHuntingTipOfTheDay: rundll32 can be abused in many ways https://lolbas-p…

Post #AvFjdy8e2un1cbimDg by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: @oddvarmoe of @trustedsec shows how you can run a full C2 …

Post #AvHo8oYAX85UzgXkcS by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: Florian is right.🌩️ Cloud creds often linger in Envir…

Post #AvJy2MWbCoBkCAI6t6 by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: proxy execution via ComputerDefaults.exe by setting this r…

Post #AvQBblrJTERFFtxCaW by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: USB worms are still a thing - often the initial infection …

Post #AvRzvOTdIrovOaO7PM by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: AppleScript via osascript is still a popular way for infos…

Post #AvU4TSet3EXYLK4WKe by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: there are numerous open-source projects listing cyber thre…

Post #AvW8yospG3aKNjih7I by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: Stuck in vi/vim? Open a reverse shell to exit remotely …

Post #AvYDU7pHfPreF4AMjo by [email protected]
0 likes, 1 repeats
#HuntingTipOfTheDay: you know how to spot/decode Base64 or XOR in PowerShell……