In Detect FYI, by mthcht: Threat Hunting — Suspicious Windows Service Names. Simulation and detection. (Jan 8)

In Detect FYI, by mthcht: Event Log Manipulations - Time Slipping. After reading Alex's latest article, I'm inspired to start a detection series dedicated to Event Log manipulation techniques, with our first... (Jan 13)

In Detect FYI, by mthcht: Threat Hunting - Suspicious User Agents. Hunting for suspicious user agents with Splunk. (Jan 12)

In Detect FYI, by mthcht: Detecting DNS over HTTPS. Detecting DNS over HTTPS (DoH) with a SIEM: log analysis. (Nov 7, 2023)

In Detect FYI, by mthcht: Detect DLL Hijacking Techniques from HijackLibs with Splunk. Splunk detection searches. (Oct 1, 2023)

In Detect FYI, by mthcht: How Threat Actors Use Pastebin. Why is it important to monitor paste sites? Detection tips. (Aug 24, 2023)

By mthcht: LOLBAS Detection Series [2] — Mspub.exe + ProtocolHandler.exe + MsoHtmEd.exe. The LOLBAS series: https://medium.com/@mthcht/list/lolbas-843ba9de6810 (Aug 23, 2023)

In Detect FYI, by mthcht: LOLBAS Detection Series [1] - AppInstaller.exe. Testing and detecting LOLBAS techniques. (Aug 21, 2023)

In Detect FYI, by mthcht: Detecting Phishing Attempts with DNSTWIST. DNSTWIST for SOC & CTI. (Aug 15, 2023)

By mthcht: Hunting for Suspicious Port Activities. Using the list of suspicious ports: https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_ports_list.csv (updated regularly) (Aug 7, 2023)

In Detect FYI, by mthcht: Detecting HTML Smuggling Phishing Attempts. Example from a real phishing attempt (BASE64 + AES). (Aug 7, 2023)

By mthcht: C2 Hiding in Plain Sight. Understanding your environment, with the applications used and allowed, will enhance the effectiveness of your hunt here. (Aug 7, 2023)