Detecting Suspicious Communication to LocaltoNet Tunneling Service
Introduction Communication with tunnelling services like LocaltoNet can be a red flag in network security. LocaltoNet is a reverse proxy...
Threat Hunting
Threat Hunt: Detecting LSASS Memory Dump via ProcDump
Introduction The Local Security Authority Subsystem Service (LSASS) process in Windows systems manages the security policy, writes to the Security...
Threat Hunt: Detecting Excessive File Writes/Modifications with Ransomware Note Extensions
Published Date: 06/03/2024 Introduction Ransomware attacks often involve encrypting files on a victim's system and leaving ransom notes with instructions...
Threat Hunt: Detecting Encoded PowerShell Commands
Published Date: 06/03/2024 Introduction This hunt aims to identify potentially malicious activities involving encoded PowerShell commands. Encoded commands are a...
