A collection of cybersecurity content.

Month: January 2023

  • Hunting Masquerading Executables: The Significance of the MZ header

    INTRO A common technique adversaries use to avoid detection when executing malware is to masquerade their tools under the guise of something that appears harmless. MITRE gives some wonderful descriptions of the techniques that have been used by various actors under Defense Evasion: T1036 Masquerading. Say, for instance, an adversary managed to coerce […]

  • Hunting for Hashes: Algorithm Unknown? No problem!

    INTRO Hashes are a fundamental tool in technical fields. Using hash values has become common practice for ensuring the integrity of data, such as verifying the authenticity of a file during transfer or detecting malicious files through hash hunting. In the realm of security operations, threat hunting for known indicators is a […]

  • Zone Identifier 3: Finding All Files Originating from the Internet

    Intro Did you know you can easily find all the files downloaded from the internet on Windows, along with the website links they came from, even if you cleared your browser history? Windows uses “tag” attributes called Zone Identifiers, a Windows feature that assigns values from 0 to 4 (by default) to files in order to track […]