mthcht in Detect FYI: Threat Hunting — Suspicious Windows Service Names. Simulation and Detection. Jan 8
mthcht in Detect FYI: Event Log Manipulations - Time slipping. After reading Alex’s latest article, I’m inspired to start a detection series dedicated to Event Log manipulation techniques, with our first… Jan 13
mthcht in Detect FYI: Threat Hunting - Suspicious User Agents. Hunting for Suspicious User Agents with Splunk. Jan 12
mthcht in Detect FYI: Detecting DNS over HTTPS. Detecting DNS over HTTPS - DoH with a SIEM - logs analysis. Nov 7, 2023
mthcht in Detect FYI: Detect DLL Hijacking techniques from HijackLibs with Splunk. Splunk detection searches. Oct 1, 2023
mthcht in Detect FYI: How Threat Actors use Pastebin. Why is it important to monitor paste sites? Detection tips. Aug 24, 2023
mthcht: LOLBAS Detection Serie [2] — Mspub.exe + ProtocolHandler.exe + MsoHtmEd.exe. The LOLBAS series: https://medium.com/@mthcht/list/lolbas-843ba9de6810. Aug 23, 2023
mthcht in Detect FYI: LOLBAS Detection Serie [1] - AppInstaller.exe. Testing and Detecting LOLBAS techniques. Aug 21, 2023
mthcht in Detect FYI: Detecting Phishing attempts with DNSTWIST. DNSTWIST for SOC & CTI. Aug 15, 2023
mthcht: Hunting for suspicious ports activities. Using the list of suspicious ports: https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_ports_list.csv (updated regularly). Aug 7, 2023
mthcht in Detect FYI: Detecting HTML smuggling phishing attempts. Example from a real phishing attempt (BASE64 + AES). Aug 7, 2023
mthcht: C2 Hiding in plain sight. Understanding your environment, with the applications used and allowed, will enhance the effectiveness of your hunt here. Aug 7, 2023