Yet another secret of hosts file

February 18, 2021 in Anti-*, Anti-Forensics, Archaeology, Compromise Detection

In my old post I mentioned the not very well known hosts.ics file. Today I cover one more secret that I stumbled upon while digging inside DNS API internals. Turns […]

Hiding process creation and cmd line with a long com…

March 29, 2020 in Anti-Forensics, Compromise Detection, EDR

How long is the command line buffer? Depends on the program… How much of the command line do Sysmon and 4688 events log? A finite amount. ‘Depends’ minus ‘finite’ == opportunity. Re-visiting […]