Deploying Threat Detection home lab (Part 1)
In this blog we will see what infrastructure is needed to deploy a multi-VM threat detection lab.
Dec 5, 2024

Knowing the "Normal" & unmasking svchost.exe
In Windows, several core processes run to keep the system functional, secure, and responsive. Knowing these key processes and their normal…
Nov 4, 2024

Detecting Process Injection using a debugger (x64dbg)
What is Process Injection?
Aug 22, 2024

Unveiling the capabilities of Threat Hunting with YARA and SilkETW in a Windows environment
This blog covers the process of threat hunting, YARA rules, and how to use YARA rules and ETW to detect malicious activity in Windows…
Sep 29, 2024

Importance of using relevant fields to be displayed for process creation events in SIEMs
In this blog, we will be looking at some process creation events and how to structure the search using relevant fields to get the most of…
Oct 9, 2024

WriteUp > HTB Sherlocks - MisCloud (Medium)
Scenario: My name is John. I am a student who started an e-commerce startup business named "DummyExample" with my partner, James…
Nov 25, 2024

WriteUp > HTB Sherlocks - Nuts (Medium)
Scenario: User installs a malicious package; the task is to investigate the incident using the KAPE files provided.
Nov 23, 2024