Checks of the live system and its user artefacts:

- Network shares: irregularities in the share definitions (user names, share names, permissions)
- Open files: files opened by processes (locations, user, permissions)
- LSA sessions: checks all active LSA sessions for their duration and for user names known from published APT cases
- Services: analysis of all local services to detect uncommon configurations (service executable location, start type and user account combination, malware names in the service image path, etc.)
- Scheduled tasks: checks the scheduled tasks for malicious entries
- Processes: analysis of the currently running processes for strange hooks, file handles and mutex definitions, network connections, memory strings, working directories and cloaking attempts
- Rootkits: checks for rootkits that use named pipes or communicate via device I/O controls
- Network connections: analysis of all active network connections (users, process IDs, end points, strange port numbers)
- WMI: parses OBJECTS.DATA files, lists the registered elements and warns on suspicious ones
- User profiles: checks for irregularities in the user profile directories
- ShimCache: detects malicious tools in the ShimCache registry section, which records binary executions on Windows systems
- Shell bags: analysis of the logged shell bags, which show which file system locations users have accessed
- DNS cache: checks DNS cache entries for suspicious or malicious domain names
- Firewall: checks the local firewall for suspicious rule definitions
- Active sessions: checks the currently active sessions for suspicious attributes, e.g. the length of the user sessions or the remote end point
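The service check above is the one most often reimplemented by hand, so here is an added example of the logic (not the scanner's own code) applied to constructed service entries. It flags the combinations the list names: an executable outside the usual system or program directories, an executable in a user-writable location, a known tool name in the image path, an unquoted image path containing spaces, and an auto-start service running as SYSTEM from an untrusted location. The directory lists, the short tool-name list and the sample `Service` entries are assumptions made for the demo, not data from the page.

```python
"""Service-configuration audit (added example; constructed sample data)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Directories a legitimate Windows service binary normally lives in (assumption).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# User-writable or unusual locations attackers drop payloads into (assumption).
SUSPICIOUS_DIRS = ("\\temp\\", "\\tmp\\", "\\appdata\\", "\\users\\public\\",
                   "\\programdata\\", "\\perflogs\\", "\\$recycle.bin\\")
# Illustrative fragments of well-known tool names; a real scanner carries a curated list.
TOOL_NAMES = ("mimikatz", "psexec", "procdump", "netcat", "nc.exe", "wce.exe", "pwdump")
# Environment variables commonly seen in ImagePath values.
ENV_VARS = {"%systemroot%": "C:\\Windows", "%windir%": "C:\\Windows",
            "%programfiles%": "C:\\Program Files"}
SYSTEM_ACCOUNTS = ("localsystem", "nt authority\\system", "system")

R_UNTRUSTED = "executable outside trusted system/program directories"
R_SUSPICIOUS_DIR = "executable in user-writable or unusual directory"
R_TOOL_NAME = "known hack-tool name in image path"
R_UNQUOTED = "unquoted image path containing spaces"
R_AUTO_SYSTEM = "auto-start service running as SYSTEM from untrusted location"


@dataclass(frozen=True)
class Service:
    name: str
    image_path: str   # raw ImagePath value, may include arguments
    start_type: str   # "auto", "demand" or "disabled"
    account: str      # logon account (ObjectName)


def executable_from_image_path(image_path: str) -> str:
    """Extract the executable path from a raw ImagePath, quoted or not."""
    raw = image_path.strip()
    if raw.startswith('"'):
        end = raw.find('"', 1)
        exe = raw[1:end] if end > 0 else raw[1:]
    else:
        # Unquoted: everything up to and including the first ".exe".
        m = re.match(r"(.*?\.exe)", raw, re.I)
        exe = m.group(1) if m else raw.split(" ")[0]
    for var, value in ENV_VARS.items():
        exe = re.sub(re.escape(var), lambda _m, v=value: v, exe, flags=re.I)
    exe = re.sub(r"^\\\?\?\\", "", exe)                      # strip NT prefix \??\
    exe = re.sub(r"^\\systemroot\\", lambda _m: "C:\\Windows\\", exe, flags=re.I)
    return exe


def audit_service(svc: Service) -> list[str]:
    """Return the reasons a service entry looks uncommon (empty list if clean)."""
    raw = svc.image_path.strip()
    exe = executable_from_image_path(svc.image_path)
    exe_l = exe.lower()
    reasons = []
    untrusted = not exe_l.startswith(TRUSTED_DIRS)
    if untrusted:
        reasons.append(R_UNTRUSTED)
    if any(d in exe_l for d in SUSPICIOUS_DIRS):
        reasons.append(R_SUSPICIOUS_DIR)
    if any(t in exe_l for t in TOOL_NAMES):
        reasons.append(R_TOOL_NAME)
    if not raw.startswith('"') and " " in exe:
        reasons.append(R_UNQUOTED)
    if svc.start_type == "auto" and svc.account.lower() in SYSTEM_ACCOUNTS and untrusted:
        reasons.append(R_AUTO_SYSTEM)
    return reasons


def audit_services(services) -> dict[str, list[str]]:
    """Map service name -> reasons, for every service with at least one finding."""
    return {s.name: r for s in services if (r := audit_service(s))}


# Constructed sample entries, not taken from a real host.
SAMPLE_SERVICES = [
    Service("wuauserv", "%SystemRoot%\\system32\\svchost.exe -k netsvcs -p", "demand", "LocalSystem"),
    Service("Updater", "C:\\Users\\Public\\update.exe", "auto", "LocalSystem"),
    Service("VendorSvc", "C:\\Program Files\\Vendor App\\svc.exe", "auto", "NT AUTHORITY\\LocalService"),
    Service("SysHelper", "\"C:\\ProgramData\\m\\mimikatz.exe\" service", "auto", "NT AUTHORITY\\SYSTEM"),
]

if __name__ == "__main__":
    for name, reasons in audit_services(SAMPLE_SERVICES).items():
        print(f"{name}: {', '.join(reasons)}")
```

On a real host the `Service` records would be read from `HKLM\SYSTEM\CurrentControlSet\Services` (ImagePath, Start, ObjectName); the point of the example is that the executable path has to be normalised (quotes, arguments, environment variables, NT prefixes) before any location rule is applied, otherwise a payload started as `"%ProgramData%\x.exe"` slips past a naive prefix check.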
Signature and IOC based detection:

- Autoruns: processes all autoruns elements, plugins, registered drivers, WMI consumers and LSA providers and applies the IOC database to them
- File hashes: detects malware or hack tools by custom file hashes (MD5/SHA1/SHA256)
- File names: detects malware or hack tools by filename characteristics (regular expressions)
- YARA: detects malware or hack tools by YARA signatures (file and process memory scan)
- Event logs: detects attacker activity and traces of hack tool usage in the Windows event logs (including Sysinternals Sysmon, Windows Defender, AppLocker, PowerShell and others)
- Registry: detects keys typically used by APT groups to maintain persistence on the system