Goods4CyberSec

A collection of cybersecurity content.

Tag: defense evasion

  • Modifying User and System Shell Folder Paths: Collecting Evidence

    Modifying User and System Shell Folder Paths: Collecting Evidence

    Intro User and System Shell folders are a bunch of folders in Windows used to store a lot of the user’s personal data and settings. You most likely know these as Desktop, Start Menu, My Documents, and Startup folders. There are many others but those are some of the most popular. These locations are also […]

  • Hunting Indirect Command Execution Using FTP

    Hunting Indirect Command Execution Using FTP

    Intro Ftp.exe can be used for starting arbitrary processes and commands. Indirect Command Execution is a technique used by adversaries to execute arbitrary commands through a trusted system or application. Adversaries use this technique to evade security controls and conceal their actions, making it difficult for defenders to detect and prevent malicious activity. Did you […]

  • Windows Firewall: Collecting Configuration Evidence

    Windows Firewall: Collecting Configuration Evidence

    Intro The Windows Firewall is a host-based feature in Windows OS that helps protect the computer from unauthorized access to the network and the internet. It is used to restrict incoming and outgoing network traffic based on a set of user-defined rules. The firewall monitors the network traffic and blocks any traffic that does not […]

  • Hunting Shortcut Files: Mapping “.LNKs” to a Target File

    Hunting Shortcut Files: Mapping “.LNKs” to a Target File

    Intro Shortcuts, also known as symbolic links, are simple files that provide convenient access to frequently used programs. These files are popular among users for their ease of use and accessibility. However, adversaries are also drawn to shortcuts as they provide a covert method for executing malicious programs. By disguising commands and harmful software within […]