Unknown – WindowsTechs.com

A Look At Threat Intel Through The Lens Of Kimsuky

Posted on March 22, 2024 by Unknown

Rapid7 recently shared a fascinating post regarding the Kimsuky threat actor group making changes in their playbooks, specifically in their apparent shift to the use of .chm/”compiled HTML Help” files. In the post, the team does a great job of sharing … Continue reading A Look At Threat Intel Through The Lens Of Kimsuky→

Threat Actors Dropping Multiple Ransomware Variants

Posted on March 22, 2024 by Unknown

I ran across an interesting LinkedIn post recently, “interesting” in the sense that it addressed something I hadn’t seen a great deal of reporting on; that is, ransomware threat actors dropping multiple RaaS variants within a single compromised organiz… Continue reading Threat Actors Dropping Multiple Ransomware Variants→

Uptycs Cybersecurity Standup

Posted on March 15, 2024 by Unknown

I was listening to a couple of fascinating interviews on the Uptycs Cybersecurity Standup podcast recently, and I have to tell you, there were some pretty insightful comments from the speakers.The first one I listened to was Becky Gaylord talking about… Continue reading Uptycs Cybersecurity Standup→

Investigative Scenario, 2024-03-12

Posted on March 14, 2024 by Unknown

Investigative ScenarioChris Sanders posted another investigative scenario on Tues, 12 Mar, and this one, I thought, was interesting (see the image to the right).First off, you can find the scenario posted on X/Twitter, and here on LinkedIn.Now, let’s g… Continue reading Investigative Scenario, 2024-03-12→

PCAParse

Posted on February 27, 2024 by Unknown

I was doing some research recently regarding what’s new to Windows 11, and ran across an interesting artifact, which seems to be referred to as “PCA”. I found a couple of interesting references regarding this artifact, such as this one from Sygnia, and… Continue reading PCAParse→

A Look At Threat Intel, Through The Lens Of The r77 Rootkit

Posted on February 24, 2024 by Unknown

It’s been almost a year, but this Elastic Security write-up on the r77 rootkit popped up on my radar recently, so I thought it would be useful to do a walk-through of how someone with my background would mine open reporting such as this for actionable … Continue reading A Look At Threat Intel, Through The Lens Of The r77 Rootkit→

Lists of Images

Posted on January 23, 2024 by Unknown

There’re a lot of discussions out there on social media regarding how to get started or improve yourself or set yourself apart in cybersecurity, and lot of the advice centers around doing things yourself; setting up a home lab, using various tools, etc… Continue reading Lists of Images→

EDRSilencer

Posted on January 15, 2024 by Unknown

There’s been a good bit of discussion in the cybersecurity community regarding “EDR bypasses”, and most of these discussions have been centered around technical means a threat actor can use to “bypass” EDR. Many of these discussions do not seem to take… Continue reading EDRSilencer→

Human Behavior In Digital Forensics, pt III

Posted on January 10, 2024 by Unknown

So far, parts I and II of this series have been published, and at this point, there’s something that we really haven’t talked about.That is, the “So, what?”. Who cares? What are the benefits of understanding human behavior rendered via digital forensic… Continue reading Human Behavior In Digital Forensics, pt III→

Human Behavior In Digital Forensics, pt II

Posted on January 6, 2024 by Unknown

On the heels of my first post on this topic, I wanted to follow up with some additional case studies that might demonstrate how digital forensics can provide insight into human activity and behavior, as part of an investigation.Targeted Threat ActorI w… Continue reading Human Behavior In Digital Forensics, pt II→