Blog
2024
-
Microsoft Teams + DarkGate Malware = A Match Made In Heaven - Part 1
- 04-19-2024
It was quite a mundane Monday, I had just signed off for the day and was looking forward to dinner plans with my family, when a delightful email graced my inbox. It was an alert for some suspicious cscript activity on an endpoint that needed to be investigated. Not good.
-
The Case Of The Missing Method
- 02-01-2024
Today is a quick and fun one, we are going to look at an unassuming .vbs file titled “Scanned-REF23CR1103BILLED.vbs”. Surely legitimate business, right?
2023
-
Fake Software Abusing Real Software For Fun And Profit - Part 2!
- 09-29-2023
Picking up where we left off, from Part 1.
-
Fake Software Abusing Real Software For Fun And Profit - Part 1!
- 08-24-2023
Today I want to look at an interesting infection that abuses legitimate software in an attempt to stay covert and perform malicious activity, unnoticed.
-
Google Chrome Update? More Like Infected With Netsupport Rat!
- 07-31-2023
Today we received an alert about an endpoint running a suspicious commandline:
-
Defeating Obfuscation With Dynamic Analysis And Powershell Logging
- 06-13-2023
It all started with ‘Creative Content Production.js’
-
Multi-Language Script Execution Leads to Asyncrat
- 03-17-2023
Today I was reviewing CrowdStrike High and Critical detections for the entire org.