Sysmon doing lines, part 2

December 11, 2017 in Living off the land, Sideloading

Sysmon is a cool tool and we love it. Sometimes it does not work as expected, though. It’s late, so just dropping another recipe here: Name your DLL wevtapi.dll Run […]

Running programs via Proxy & jumping on an EDR-bypass trampoline, Part 4

October 29, 2017 in Anti-Forensics, Compromise Detection, EDR, Forensic Analysis, Incident Response, Living off the land, LOLBins, Malware Analysis, Sideloading

Here’s yet another subclass of tricks one can use to distort the process tree seen by EDR and sandbox solutions. Many Windows programs launch other internal Windows programs (native to […]