Praj Shete

Pinned posts

Detecting Process Injection using a debugger (x64dbg)
What is Process Injection? (Aug 22)

Unveiling the capabilities of Threat Hunting with YARA and SilkETW in a Windows environment
This blog covers the process of threat hunting, YARA rules, and how to use YARA rules and ETW to detect malicious activity in Windows… (Sep 29)

Importance of using relevant fields to be displayed for process creation events in SIEMs
In this blog, we will be looking at some process creation events and how to structure the search using relevant fields to get the most of… (Oct 9)

Other posts

Writeup > LetsDefend: Adobe ColdFusion RCE
Scenario: Our EDR software was triggered, alerted, and isolated a web server for suspicious use of the "nltest.exe" command. Investigate… (4d ago)

WriteUp > LetsDefend: Infection with Cobalt Strike
Scenario: We got network traffic from a password stealer. You should do root cause analysis. (4d ago)

Knowing the "Normal" & unmasking svchost.exe
In Windows, several core processes run to keep the system functional, secure, and responsive. Knowing these key processes and their normal… (Nov 4)

Write-Up > LetsDefend Challenge: Malicious WordPress Plugin
Scenario: Our WordPress website has been hacked; however, it's yet unclear how exactly. The most likely explanation is that a plugin that… (Oct 14)

Write-Up > LetsDefend Challenge: Windows Forensics
Scenario: A targeted phishing campaign is carried out against our organization, and so far the phishing mail has been opened by 3 systems… (Oct 3)

LetsDefend Challenge: Malicious Web Traffic Analysis
Scenario: During a cybersecurity investigation, analysts have noticed unusual traffic patterns that may indicate a problem. We need your… (Sep 26)