Common Tools & Techniques Used By Threat Actors and Malware — Part II

Photo by Timothy Newman on Unsplash

Phishing / Malicious Macros

Detection Opportunity

Log Visibility

Detection Rules

RDP Brute Force

Detection Opportunity

Log Visibility

Process Hollowing

Detection Opportunity

Log Visibility

Named Pipes

Detection Opportunity

Log Visibility

Registry Keys / Scheduled Tasks Persistence

Detection Opportunity

Log Visibility

LSASS / Secrets Dumping

Detection Opportunity

ntdsutil "ac in ntds" "ifm" "cr fu [Path]" q q
rundll32.exe C:\windows\System32\comsvcs.dll, MiniDump [PID] [Path] full

Log Visibility

Conclusion

Resources
