A collection of cybersecurity content.

Tag: T1566.001

  • Hunting Shortcut Files: Mapping “.LNKs” to a Target File

    Hunting Shortcut Files: Mapping “.LNKs” to a Target File

    Intro Shortcuts, also known as symbolic links, are simple files that provide convenient access to frequently used programs. These files are popular among users for their ease of use and accessibility. However, adversaries are also drawn to shortcuts as they provide a covert method for executing malicious programs. By disguising commands and harmful software within […]

  • Macros: Hunting for Documents that Users Trusted and Enabled

    Macros: Hunting for Documents that Users Trusted and Enabled

    Intro In a previous blog, I visited the topic of identifying internet-sourced files on a host system to help incident response teams quickly collect information to investigate a potential incident by utilizing Zone Identifiers. This information is crucial to gather as it could often answer the questions surrounding source attribution. So now that we found […]

  • Zone Identifier 3: Finding All Files Originating from the Internet

    Zone Identifier 3: Finding All Files Originating from the Internet

    Intro Did you know you can easily find all your internet downloaded files on Windows and the website links they came from even if you cleared your browser history? Windows uses “tag” attributes called Zone Identifiers, which are a feature in Windows that assigns values between 0-4 (by default) to files in order to track […]