Not installing the installers, part 2

May 22, 2022 in Archaeology, Batch Analysis, Clustering, EDR, Forensic Analysis, GoodWare, Sandboxing

In the last post I described how we can pull some interesting metadata from decompiled installers. Today I want to discuss one practical example of how this data can enrich […]

Hiding process creation and cmd line with a long com…

March 29, 2020 in Anti-Forensics, Compromise Detection, EDR

How long is the command line buffer? Depends on the program… How much of the command line do Sysmon and 4688 events log? A finite amount. ‘Depends’ minus ‘finite’ == opportunity. Re-visiting […]