You are browsing the archive for EDR.

Hiding process creation and cmd line with a long com…

March 29, 2020 in Anti-Forensics, Compromise Detection, EDR

How long is the command line buffer? Depends on the program… How much of the command line do Sysmon and 4688 events log? A finite amount. ‘Depends’ minus ‘finite’ == opportunity. Re-visiting […]

The Hour Between Dog and Wolf

January 1, 2020 in EDR, Mitre Att&ck, Off-topic, Preaching, Uncategorized

10-15 years ago DFIR / EDR / Threat Hunting were not even a ‘thing’. Apart from law enforcement efforts, and a few consulting companies… there were literally no companies doing […]