Use of Tox protocol in malware 2024-9-22 08:41:0 | 阅读: 8 | 收藏 | boredhackerblog - www.boredhackerblog.info

Progressive Web Apps (PWA) on Windows - forensics and detection of use IntroductionProgressive Web app (PWA) is just a webapp that can be installed as an app on a system... 2024-6-20 09:11:0 | 阅读: 18 | 收藏 | boredhackerblog - www.boredhackerblog.info chrome pwa progressive phishing microsoft

observed in the wild - batch obfuscation technique and an interesting way to run powershell code Saw these two things in the wild while looking at some samples.Batch ObfuscationMalicious batch fil... 2024-3-24 07:27:0 | 阅读: 18 | 收藏 | boredhackerblog - www.boredhackerblog.info powershell oneconsult inferably 55257

Speeding up report reading and security/SOC alert triaging by auto-highlighting keywords on webpages Introduction:If you're a security analyst or threat researcher, you may spend a lot of time reading... 2023-12-22 01:33:0 | 阅读: 6 | 收藏 | boredhackerblog - www.boredhackerblog.info github customize finds

Quick sample analysis which ended up dropping asyncrat I came across a sample that involving traffic to 91.92.242.28:222.There is sandbox report here: ht... 2023-11-18 08:52:0 | 阅读: 13 | 收藏 | boredhackerblog - www.boredhackerblog.info tron coment launching microsoft powershell

Using command line redirection and DLL ordinals to potentially bypass detections I came across this during a pentest. The techniques mentioned here are not new and there are alread... 2023-10-23 02:33:0 | 阅读: 22 | 收藏 | boredhackerblog - www.boredhackerblog.info comsvcs ntds attacker rundll32 minidump

Installing Whonix Gateway on Proxmox for threat & malware research IntroWhonix is a tool for routing traffic through Tor.  Whonix VM's come as Desktop/with UI or CLI.... 2023-10-8 01:32:0 | 阅读: 48 | 收藏 | boredhackerblog - www.boredhackerblog.info whonix network proxmox 152 wiki

OpenSSL-1.0.0-fipps Linux Backdoor - Notes Introduction:In some security/malware chat room, someone posted about an ELF backdoor, at the time,... 2022-11-30 06:39:0 | 阅读: 12 | 收藏 | boredhackerblog - www.boredhackerblog.info c2 fipps submission sysv

Looking for EvilProxy - Notes Introduction:This started with someone asking about EvilProxy and any signatures for detecting it.... 2022-11-22 05:35:0 | 阅读: 9 | 收藏 | boredhackerblog - www.boredhackerblog.info evilproxy urlscan phishing 444 lmo

Researching golang malware and how I hate security industry naming conventions - Part 1 While doing some research on the use of golang in malware, I came across this golang sample here: h... 2022-10-17 23:11:0 | 阅读: 7 | 收藏 | boredhackerblog - www.boredhackerblog.info gotroj gsh winservice darkdoor

Researching golang malware and how I hate security industry naming conventions - Part 2 I did some string searches in Hybrid-Analysis as well to look for more files. (Thanks Hybrid-Analys... 2022-10-17 23:11:0 | 阅读: 11 | 收藏 | boredhackerblog - www.boredhackerblog.info c2 analysis filesize 181 0x5a4d

Looking at process relationships from malware sandbox execution data Introduction:This blog post discusses looking at process relationships, specifically from malware s... 2022-10-16 01:42:0 | 阅读: 10 | 收藏 | boredhackerblog - www.boredhackerblog.info analysis database ilike commandline

Remotely managing Sysmon configuration through Graylog Sidecar Introduction:Sysmon is a tool from Microsoft that can help with collecting better logs (compared to... 2022-8-19 03:48:0 | 阅读: 12 | 收藏 | boredhackerblog - www.boredhackerblog.info sysmon sidecar graylog windows github

Screenshotting/scanning domains from certstream with littleshot to find interesting content Introduction:Certstream is a great service which provides updates from Certificate Transparency Log... 2022-7-21 03:43:0 | 阅读: 8 | 收藏 | boredhackerblog - www.boredhackerblog.info littleshot certstream humio github

Building a honeypot network with inetsim, suricata, vector.dev, and appsmith I wanted to learn a bit more about data engineering, databases, app building, managing systems, and... 2022-7-14 07:28:0 | 阅读: 39 | 收藏 | boredhackerblog - www.boredhackerblog.info inetsim sensors suricata webapp sensor

Quick analysis of stealer malware sent via discord Introduction:Just a quick analysis of malware sent via discord...I got the malicious file from some... 2022-3-6 04:36:0 | 阅读: 6 | 收藏 | boredhackerblog - www.boredhackerblog.info analysis webhook triage chrome

notes/links about log collection, storage, and searching IntroductionJust some notes about log collection, storage, and searching.I just want to be able to... 2021-12-13 12:0:0 | 阅读: 7 | 收藏 | boredhackerblog - www.boredhackerblog.info loki windows fluentbit logstash github

Collecting Unifi logs with Vector and Grafana Loki IntroductionThis post just discusses sending unifi logs to grafana loki and utilizing vector.dev/ve... 2021-11-27 07:53:0 | 阅读: 15 | 收藏 | boredhackerblog - www.boredhackerblog.info loki syslog unifi remote

Creating a malware sandbox for sysmon and windows event logs with virtualbox and vmexec IntroductionI was doing some research around detection related to maldoc/initial access. Usually, I... 2021-4-11 05:22:0 | 阅读: 4 | 收藏 | boredhackerblog - www.boredhackerblog.info github odfe kibana windows

Creating an Active Directory (AD) lab for log-based detection research and development with Vagrant, Humio, and AtomicRedTeam introductionFew years or months ago, I came across DetectionLab project and thought it was neat. It... 2021-1-31 03:40:0 | 阅读: 1 | 收藏 | boredhackerblog - www.boredhackerblog.info windows download machine winlogbeat