A collection of cybersecurity content.

Month: February 2023

  • Applications: Identifying Social Engineering Installations

    Intro Windows OS maintains a repository in the registry to keep track of applications that have been installed using the Windows Installer. This database is used by various parts of the operating system to manage the installation, modification, and removal of software on the host. This information can aid incident responders in determining […]

  • Hunting Indirect Command Execution Using FTP

    Intro Ftp.exe can be used for starting arbitrary processes and commands. Indirect Command Execution is a technique used by adversaries to execute arbitrary commands through a trusted system or application. Adversaries use this technique to evade security controls and conceal their actions, making it difficult for defenders to detect and prevent malicious activity. Did you […]

  • Windows Firewall: Collecting Configuration Evidence

    Intro The Windows Firewall is a host-based feature in Windows OS that helps protect the computer from unauthorized access to the network and the internet. It is used to restrict incoming and outgoing network traffic based on a set of user-defined rules. The firewall monitors the network traffic and blocks any traffic that does not […]

  • Startup Folders: Persistence on Windows

    Intro The Startup folder in Windows is a location that plays an important role in the functioning of a system. Essentially, it contains shortcuts to applications that are automatically launched when a user logs in to the system. This can be a convenient way for IT teams to automate various tasks and ensure necessary software […]

  • PowerShell History: Examining the ConsoleHost_History.txt File

    Did you know that Windows OS stores a history of its PowerShell console commands in a file on the hard drive? Intro The ConsoleHost_history.txt file is a log file for Windows PowerShell that records all the commands executed in the console and is updated every time a command is executed. This file provides a list […]

  • Fork Bombs: Hardening Unix-Systems from Denial of Service (DoS) Attacks

    Intro A Denial-of-Service (DoS) attack is a malicious attempt to disrupt the availability of a computer, network, or website by overwhelming it with excessive traffic or resource utilization, rendering it unable to fulfill legitimate requests. Denial-of-Service (DoS) attacks come in various forms and exploit different weaknesses in a network or system to disrupt its availability. […]

  • Hunting Shortcut Files: Mapping “.LNKs” to a Target File

    Intro Shortcuts, also known as symbolic links, are simple files that provide convenient access to frequently used programs. These files are popular among users for their ease of use and accessibility. However, adversaries are also drawn to shortcuts as they provide a covert method for executing malicious programs. By disguising commands and harmful software within […]

  • Macros: Hunting for Documents that Users Trusted and Enabled

    Intro In a previous blog, I visited the topic of identifying internet-sourced files on a host system to help incident response teams quickly collect information to investigate a potential incident by utilizing Zone Identifiers. This information is crucial to gather as it could often answer the questions surrounding source attribution. So now that we found […]