Month: February 2023
-
Applications: Identifying Social Engineering Installations
Windows maintains a repository in the registry that tracks applications installed through the Windows Installer (MSI). Various parts of the operating system use this database to manage the installation, modification, and removal of software on the host. This information can aid incident responders in determining […]
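As an added example (not code from the original post), the following PowerShell reads that Windows Installer repository for every SID, pulls the metadata the Installer recorded at install time, and flags packages whose InstallSource sits under a user-writable path, which is where a social-engineered install usually originates. It assumes the standard UserData location under HKLM and the MsiInstaller provider in the Application log; the user-path pattern is an illustrative choice, and an elevated session is needed to see all SIDs.

```powershell
# Added example, not code from the original post. Assumes the standard
# Windows Installer per-product repository under HKLM and the Application
# event log; run from an elevated PowerShell session to see every SID.
$installerRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData'

# Installs launched from user-writable locations are a common social-engineering
# fingerprint; this pattern is an illustrative choice, tune it to your environment.
$userPathPattern = '(?i)\\Users\\[^\\]+\\(Downloads|Desktop|AppData)\\|\\Temp\\'

function Get-InstallerProducts {
    # Each product key holds an InstallProperties subkey with the metadata
    # the Installer recorded at install time.
    Get-Item -Path "$installerRoot\*\Products\*\InstallProperties" -ErrorAction SilentlyContinue |
        ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath
            # Key layout: ...\UserData\<SID>\Products\<squished GUID>\InstallProperties
            $parts = $_.PSPath -split '\\'
            [pscustomobject]@{
                Sid           = $parts[-4]
                DisplayName   = $props.DisplayName
                Publisher     = $props.Publisher
                InstallDate   = $props.InstallDate    # yyyyMMdd string
                InstallSource = $props.InstallSource  # directory the MSI was run from
                LocalPackage  = $props.LocalPackage   # cached copy under C:\Windows\Installer
                FromUserPath  = [bool]($props.InstallSource -match $userPathPattern)
            }
        }
}

function Get-MsiInstallEvents {
    param([datetime]$Since = (Get-Date).AddDays(-30))
    # MsiInstaller writes 11707 ("Installation completed successfully") and
    # 1033 (product / version / manufacturer summary) to the Application log.
    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'MsiInstaller'
        Id           = 1033, 11707
        StartTime    = $Since
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, UserId, Message
}

$products = Get-InstallerProducts
$products | Sort-Object InstallDate -Descending |
    Format-Table Sid, DisplayName, Publisher, InstallDate, InstallSource -AutoSize
$products | Where-Object FromUserPath |
    Export-Csv -Path .\installer_from_user_paths.csv -NoTypeInformation
Get-MsiInstallEvents | Format-Table -AutoSize -Wrap
```

The registry view and the event log view complement each other: a product that was installed and then removed disappears from the repository but its 11707 / 1033 events remain, and a product whose LocalPackage cache has been deleted still leaves the InstallProperties entry.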
-
Hunting Indirect Command Execution Using FTP
Ftp.exe can be used to start arbitrary processes and commands. Indirect Command Execution is a technique in which adversaries execute arbitrary commands through a trusted system binary or application. Adversaries use it to evade security controls and conceal their actions, making malicious activity harder for defenders to detect and prevent. Did you […]
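An added example (not the post's own code) of the two observables this technique leaves in process-creation telemetry: ftp.exe started with a `-s:` script file, and a child process spawned by ftp.exe (a script line beginning with `!` is handed to cmd.exe). The three sample records are constructed for the demo; the live query assumes Sysmon Event ID 1 is logging to its default channel.

```powershell
# Added example, not code from the original post. The sample records below are
# constructed; the live query assumes Sysmon (Event ID 1) on its default channel.

function Test-FtpIndirectExecution {
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $reasons = @()
        $image  = [string]$Record.Image
        $parent = [string]$Record.ParentImage
        $cmd    = [string]$Record.CommandLine

        # ftp.exe reading commands from a script file (-s:<file>); a script
        # line starting with "!" is executed through cmd.exe.
        if ($image -match '\\ftp\.exe$' -and $cmd -match '(?i)(^|\s)-s:') {
            $reasons += 'ftp.exe launched with -s: script file'
        }
        # ftp.exe normally spawns nothing; any child (cmd.exe in particular) is suspect.
        if ($parent -match '\\ftp\.exe$') {
            $reasons += "child process of ftp.exe: $image"
        }
        if ($reasons) {
            [pscustomobject]@{
                Time        = $Record.UtcTime
                Image       = $image
                ParentImage = $parent
                CommandLine = $cmd
                Reason      = $reasons -join '; '
            }
        }
    }
}

# Constructed sample records mimicking Sysmon Event ID 1 fields.
$sample = @(
    [pscustomobject]@{ UtcTime = '2023-02-10 09:12:01'; Image = 'C:\Windows\System32\ftp.exe'; ParentImage = 'C:\Windows\explorer.exe';       CommandLine = 'ftp -s:C:\Users\alice\AppData\Local\Temp\cmds.txt' }
    [pscustomobject]@{ UtcTime = '2023-02-10 09:12:02'; Image = 'C:\Windows\System32\cmd.exe'; ParentImage = 'C:\Windows\System32\ftp.exe';  CommandLine = 'C:\Windows\system32\cmd.exe /C whoami' }
    [pscustomobject]@{ UtcTime = '2023-02-10 09:15:44'; Image = 'C:\Windows\System32\ftp.exe'; ParentImage = 'C:\Windows\System32\cmd.exe';  CommandLine = 'ftp files.example.com' }
)
# The first two records fire; the third (an ordinary interactive ftp session) does not.
$sample | Test-FtpIndirectExecution | Format-Table -AutoSize

# Live hunt: pull Sysmon process-creation events and map EventData fields by name
# rather than by positional index, which changes between Sysmon schema versions.
function Get-SysmonProcessCreate {
    param([datetime]$Since = (Get-Date).AddDays(-7))
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 1
        StartTime = $Since
    } -ErrorAction SilentlyContinue | ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]$data
    }
}
Get-SysmonProcessCreate | Test-FtpIndirectExecution | Format-Table -AutoSize
```

Without Sysmon, Security Event ID 4688 carries the same fields (NewProcessName, ParentProcessName, and CommandLine if command-line auditing is enabled), so the same predicate applies once the records are mapped to those names.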
-
Windows Firewall: Collecting Configuration Evidence
The Windows Firewall is a host-based feature of Windows that helps protect the computer from unauthorized network access. It restricts incoming and outgoing network traffic based on a set of administrator-defined rules. The firewall monitors network traffic and blocks any traffic that does not […]
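The following is an added collection script (not code from the original post) that preserves the firewall evidence a responder typically needs: per-profile posture and logging settings, the enabled inbound allow rules resolved to program and port, the raw rule store in the registry, a full policy export, the rule-change event history, and the packet log. It assumes the NetSecurity module (Windows 8 / Server 2012 and later), an elevated session, and an output directory under `$env:TEMP` chosen here for illustration.

```powershell
# Added example, not code from the original post. Assumes the NetSecurity
# module and an elevated session; $OutDir is an assumed output location.
$OutDir = Join-Path $env:TEMP ('fw-evidence-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $OutDir | Out-Null

# 1. Per-profile posture: enabled?, default actions, and whether/where it logs.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction,
                  LogFileName, LogAllowed, LogBlocked, LogMaxSizeKilobytes |
    Export-Csv (Join-Path $OutDir 'profiles.csv') -NoTypeInformation

# 2. Enabled inbound allow rules resolved to program and port: a rule added to
#    expose a backdoor looks exactly like one of these.
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $app  = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        DisplayName = $_.DisplayName
        Profile     = $_.Profile
        Protocol    = $port.Protocol
        LocalPort   = ($port.LocalPort -join ',')
        Program     = $app.Program
        Group       = $_.DisplayGroup
    }
} | Export-Csv (Join-Path $OutDir 'inbound_allow_rules.csv') -NoTypeInformation

# 3. The raw rule store as the OS keeps it, plus a complete policy export.
$ruleKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
(Get-ItemProperty -Path $ruleKey).PSObject.Properties |
    Where-Object { $_.Name -notlike 'PS*' } |
    Select-Object Name, Value |
    Export-Csv (Join-Path $OutDir 'registry_rules.csv') -NoTypeInformation
netsh advfirewall export "$(Join-Path $OutDir 'policy.wfw')" | Out-Null

# 4. Change history: 2003 profile setting changed, 2004 rule added,
#    2005 rule modified, 2006 rule deleted.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
    Id      = 2003, 2004, 2005, 2006
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Export-Csv (Join-Path $OutDir 'firewall_events.csv') -NoTypeInformation

# 5. The packet log itself, if logging was enabled for the profile.
Get-NetFirewallProfile | ForEach-Object {
    $log = [Environment]::ExpandEnvironmentVariables($_.LogFileName)
    if (Test-Path $log) { Copy-Item $log (Join-Path $OutDir "pfirewall-$($_.Name).log") }
}
Get-ChildItem $OutDir
```

Collect the registry rule store and the cmdlet view both: the cmdlets reflect the effective policy, including Group Policy-delivered rules, while the registry values show exactly what was written locally and when the key was last modified.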
-
PowerShell History: Examining the ConsoleHost_History.txt File
Did you know that Windows stores a history of PowerShell console commands in a file on disk? The ConsoleHost_history.txt file is written by the PSReadLine module for interactive PowerShell console sessions; it records each command entered at the prompt and is updated every time a command is executed. This file provides a list […]
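An added triage script (not the post's own code) that walks every user profile's PSReadLine history file and surfaces lines matching a starter set of suspicious patterns. The keyword list is illustrative and should be tuned; the path is the PSReadLine default under each profile's roaming AppData.

```powershell
# Added example, not code from the original post. Walks every profile's
# PSReadLine history file; the keyword pattern is an illustrative starting set.
$historyRelPath = 'AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt'
$suspicious = '(?i)-e(nc(odedcommand)?)?\s|FromBase64String|DownloadString|DownloadFile|' +
              'Invoke-WebRequest|\biwr\b|\bIEX\b|Invoke-Expression|-nop\b|bypass|' +
              'Set-MpPreference|Add-MpPreference|Invoke-Mimikatz|net user .* /add'

function Get-PSHistoryFindings {
    Get-ChildItem 'C:\Users' -Directory | ForEach-Object {
        $user = $_.Name
        $file = Join-Path $_.FullName $historyRelPath
        if (-not (Test-Path $file)) { return }   # skips this profile
        $info   = Get-Item $file
        $lineNo = 0
        # PSReadLine appends one line per command; a multi-line command is
        # stored with a backtick at the end of each continued line.
        Get-Content $file | ForEach-Object {
            $lineNo++
            if ($_ -match $suspicious) {
                [pscustomobject]@{
                    User      = $user
                    Line      = $lineNo
                    Command   = $_
                    FileMtime = $info.LastWriteTimeUtc  # lines carry no timestamp; only the file does
                }
            }
        }
    }
}
Get-PSHistoryFindings | Format-Table -AutoSize -Wrap
```

Two caveats matter when interpreting hits: the file is per user, not per session, and the line order is the only sequencing you get; and nothing run non-interactively (scripts, `-Command`, `-EncodedCommand` launches, the ISE) lands here. An attacker who runs `Set-PSReadLineOption -HistorySaveStyle SaveNothing` or deletes the file leaves a conspicuously short or absent history, which is itself a finding.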
-
Fork Bombs: Hardening Unix-Systems from Denial of Service (DoS) Attacks
A Denial-of-Service (DoS) attack is a malicious attempt to disrupt the availability of a computer, network, or website by overwhelming it with excessive traffic or resource consumption, so that it can no longer serve legitimate requests. DoS attacks come in various forms and exploit different weaknesses in a network or system to disrupt its availability. […]
-
Hunting Shortcut Files: Mapping “.LNKs” to a Target File
Shortcuts (Windows .LNK files) are small binary files that point to a target program or document and provide convenient access to frequently used programs. They are popular among users for their ease of use and accessibility. However, adversaries are also drawn to shortcuts, since they provide a covert method for executing malicious programs. By disguising commands and harmful software within […]
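The following added example (not code from the original post) maps every .LNK under the usual lure and persistence folders to its target, arguments, working directory and icon, and flags the patterns malicious shortcuts tend to share: a living-off-the-land binary as target, an unusually long argument string, or a document icon on something that is not a document. It uses the WScript.Shell COM object, which loads an existing shortcut without launching it; the folder list and the binary list are illustrative choices.

```powershell
# Added example, not code from the original post. WScript.Shell.CreateShortcut
# on an existing .lnk loads (does not run) it; folder and lolbin lists are illustrative.
$wsh = New-Object -ComObject WScript.Shell
$lolbins = '(?i)\\(cmd|powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32|certutil|bitsadmin|msiexec|forfiles|conhost)\.exe$'

function Get-LnkTargets {
    param([string[]]$Roots)
    Get-ChildItem -Path $Roots -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $wsh.CreateShortcut($_.FullName)

        $flag = ''
        if ($lnk.TargetPath -match $lolbins)                                 { $flag = 'lolbin target' }
        elseif ($lnk.Arguments.Length -gt 200)                               { $flag = 'long arguments' }
        elseif ($lnk.IconLocation -match '(?i)\.(docx?|pdf|xlsx?|txt)')      { $flag = 'document icon' }

        [pscustomobject]@{
            Lnk          = $_.FullName
            Target       = $lnk.TargetPath
            Arguments    = $lnk.Arguments
            WorkingDir   = $lnk.WorkingDirectory
            Icon         = $lnk.IconLocation
            Modified     = $_.LastWriteTimeUtc
            TargetExists = [bool]($lnk.TargetPath -and (Test-Path -LiteralPath $lnk.TargetPath))
            Flag         = $flag
        }
    }
}

# Persistence and lure locations: Start Menu (including Startup), Desktop, Recent.
$roots = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu"
    'C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu'
    'C:\Users\*\Desktop'
    'C:\Users\*\AppData\Roaming\Microsoft\Windows\Recent'
)
$all = Get-LnkTargets -Roots $roots
$all | Where-Object Flag | Format-List Lnk, Target, Arguments, Flag, Modified
$all | Export-Csv -Path .\lnk_map.csv -NoTypeInformation
```

Do not rely on the Explorer Properties dialog for the same check: it shows only a short prefix of the argument string, which is why malicious shortcuts pad the arguments with whitespace before the real payload. The COM view also omits the shortcut's embedded provenance data (volume serial, machine identifier, tracker block), so keep a structure-aware LNK parser at hand when attribution matters.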