Yara Carpet Bomber, Part 2
January 18, 2022 in Yara sigs
Steve asked about the use cases for Yara Carpet Bomber approach and in this twitter convo I provided 2 examples of quick & dirty Yara rules: that help to find […]
Beyond good ol’ Run key, Part 136
January 18, 2022 in Autostart (Persistence), Living off the land, LOLBins
I love Office-based Persistence mechanisms, because there is always… one more to discover 🙂 Take your Winword.exe from Office 2021 or Office 365. When it loads, it check if the […]