You are browsing the archive for threat hunting.

That’s a very fine Chardonnay you’re not drinking

August 26, 2019 in threat hunting

Update: This post is vague on names, vendors, products. Simple reason: I don’t want to get sued. However, I give you all the tools to go and find the vendors […]

taskhost.exe $(Arg0) & its other arguments

July 1, 2019 in threat hunting

While looking at Sysmon logs on Windows 7 I noticed a strange process entry that had the following properties: service.exe – as a parent process; taskhost.exe – as an image […]