Sysmon doing lines, part 2
December 11, 2017 in Living off the land, Sideloading
Sysmon is a cool tool and we love it. Sometimes it does not work as expected though. It’s late so just dropping another recipe here: Name your DLL wevtapi.dll Run […]
October 29, 2017 in Anti-Forensics, Compromise Detection, EDR, Forensic Analysis, Incident Response, Living off the land, LOLBins, Malware Analysis, Sideloading
Here’s yet another subclass of tricks one can use to distort the process tree seen by EDR and sandbox solutions. Many Windows programs launch other internal Windows programs (native to […]