You are browsing the archive for Compromise Detection.

Event ID 7039 – out…pid a pid

February 26, 2021 in Compromise Detection, Sysmon, threat hunting

This event is not very well explained on the internet, so I took the liberty of describing it below. The event message is as follows: A service process other than […]


February 19, 2021 in Anti-Forensics, Compromise Detection, Living off the land, Reusigned Binaries

The previous posts about hosts files build a foundation for the trick I wanted to cover in this post. Most of the native LOLBINish downloaders are already known (certutil, BITS, etc.). […]