You are browsing the archive for EDR.

WerFault – command line switches v0.1

September 20, 2019 in EDR, threat hunting

I posted about werfault.exe a couple of times before. Some of the posts focused on persistence mechanisms, some on lolbinish behavior, but I thought it would be good to dedicate […]

Moar and Moar Agents – sthap!

July 27, 2019 in EDR, Preaching

$Vendors love agents. One does the AV One does the DFIR One does the EDR One does the CIDS One does the DLP One does the FIM One does the […]