DLL injections that originate from a malicious DLL written to a disk are commonly detected by any decent AV product. Detecting reflective DLL injection, however, are not as straightforward. Malware injected directly into a process using reflective DLL injection typically will not exist on disk. A co-worker of mine developed
Month: November 2017
Hunting Self-signed Certificates
Self-signed certificates could be indicative of malicious behavior on a system and being able to identify them is a key task in responding to an incident. Having self-signed certificates in an environment isn’t always a bad thing but not being able to identify them and their purpose is! Nonetheless, taking
Hashes of All Running Processes
A great starting point for anyone analyzing a system is the running processes. Taking the time to not only retrieve the command line execution of the process but also the parent process will enable you to find outliers. Taking it a step further, retrieving the hashes of the binary of