All too often an interesting item is discovered on a system and everyone wants to know if the item exists on any other system. This could be a daunting task but this can be accomplished using PowerShell. With the location and name of the file in hand, the following can
Malware
Fileless Malware Storage: Event Logs– 3 of 4
Up to this point, we’ve touched on using Active Directory and the Registry to store code for later use. To add on to the topic, we can also use Event Logs. The effectiveness of this technique is based on the environment in which one looks to use it. I say
Fileless Malware Storage: Active Directory– 2 of 4
In my last post, I spoke on the use of the Registry to store malicious code to call upon at a later time. In this post, I’ll discuss using Active Directory to store code. Essentially, Active Directory is a hierarchical structure that stores information about objects on the network, particularly
Fileless Malware Storage: Registry – 1 of 4
Malware delivery methods have changed over the years and in some cases, repeated themselves. Within the last couple of years, fileless malware has become prevalent and more widely seen. How this malware is stored on disk varies. Frankly speaking, anywhere that can store data, be it hex or ascii, serves
Hashes of All Running Processes
A great starting point for anyone analyzing a system is the running processes. Taking the time to not only retrieve the command line execution of the process but also the parent process will enable you to find outliers. Taking it a step further, retrieving the hashes of the binary of