neonprimetime security , just trying to help
Friday, February 5, 2021
AppLocker Block vs Sysmon Process Create
This folder is AppLocker blocked. So I copied notepad.exe into it, renamed it, then tried to execute and as you can see applocker blo...
45 comments:
Sunday, January 3, 2021
OLE COM Objects OleInitialize CoCreateInstance
Notes from IDA: OleInitialize ==> tells you you're going to use COM; CoCreateInstance ==> Initializes an object, such as Internet Ex...
6 comments:
Wednesday, December 30, 2020
IDA Pro Xref Notes
https://resources.infosecinstitute.com/topic/ida-cross-references-xrefs/ XREF , "...After the arrow, there’s also a single letter......
3 comments:
Monday, November 2, 2020
Application Security Policies Ideas
Application Security Policy ideas. A thread for my #infosec friends ... Make your policy applicable to all applications (internal, external...
2 comments:
Tuesday, October 6, 2020
70 IBM Qradar SIEM Tips!
https://twitter.com/neonprimetime/status/1313222901236142080 Hey for all you #infosec friends stuck with #ibm #qradar just like me, just rem...
3 comments:
Tuesday, September 15, 2020
How we use Agile Scrum for SIEM Detection Engineering and Threat Hunting
Thought I’d share a thread on how we use a form of #Agile Scrum to keep our #SIEM detection engineering and threat hunting organized. #bluet...
2 comments:
Tuesday, August 4, 2020
Agent Tesla , Doc => Powershell => C# => EXE => SMTP
https://app.any.run/tasks/27f1e600-b8fc-4c18-a6f0-b35799393cdc/ 88cd18b7fbe649bd756b3034525f34c3 function funcDecodeNetClassSourceCode {...
1 comment: