
I write about #ThreatHunting #WindowsInternals #Malware #DFIR and occasionally #Python.

Today Microsoft started rolling out the newest version of Windows to computers around the world. I wanted to check what new and interesting ETW providers were included in this official release.

Note: to get these results I did a diff between providers from Windows version 21H1 (Win 10) and 21H2…

Introduction

Hello and welcome to this follow-up blog on ETW. If you haven't read the first part, I highly suggest you do, because this will build directly on the concepts introduced there. (Link below)

Last time we talked about ETW and its different components. This time I…

Introduction

The holy grail for defenders is being able to detect/stop every attack before or when it happens and to know exactly the how’s, no matter the techniques or tools. Unfortunately we’re still far from this holy grail, but as defenders we’ve come a long way on being able to…

In the first post of this series about Symantec EDR Internals, I talked about “Criterion”, a machine learning engine used by SEDR to detect files in the gray area. If you haven't read it, please do (Link below).

For this post we’ll talk about a feature of SEDR called enrichment…

Hello and welcome to the fourth blog post in this series about understanding and detecting C2 frameworks.

As always, if you haven’t checked the previous blogs, please do via the following links.

Introduction

Hello and welcome to the third blog post in this series about understanding and detecting C2 frameworks.

If you haven't checked the previous blogs, please do, as we’ve already analyzed both “Ares” and “TrevorC2”.

Today we’re…

Introduction

Hello and welcome to the second blog post of this series about understanding and detecting C2 frameworks. If you haven't read the first blog, I highly suggest you do to get a feel for what I’ll be talking about today.

The next C2 framework I decided to look at today…

Introduction

Hello and welcome to this new blog series titled “Understanding & Detecting C2 Frameworks”. In the coming weeks and months, I’ll be doing some analysis and deep dives into old and new open source C2 frameworks, analyzing the source code and trying to understand the inner workings in the hope…

In recent weeks I’ve been doing some research into Symantec EDR and looking into the technologies that are used to generate the incidents and events inside of the platform, in the hope of getting a better understanding of the detection process and mechanisms within.

Seeing a file classified as…

Nasreddine Bencherchali
