SOC140 — Phishing Mail Detected — Suspicious Task Scheduler
By Tomasz Kozlowski, May 13

SOC274 — Palo Alto Networks PAN-OS Command Injection Vulnerability Exploitation (CVE-2024-3400)
By Tomasz Kozlowski, Apr 28

SOC227 — Microsoft SharePoint Server Elevation of Privilege — Possible CVE-2023-29357 Exploitation
The CVE-2023-29357 vulnerability is a critical privilege escalation vulnerability that, when combined with other vulnerabilities, could…
By Tomasz Kozlowski, Oct 7, 2023

PsExec as an APT service. PsExecAAAPTS;-)
PsExec is a command-line tool developed by Sysinternals, which is now owned by Microsoft, that allows users to run processes on remote…
By Tomasz Kozlowski, Jan 18, 2023

APT 1 vs U.S. Office of Personnel Management (OPM)
Advanced Persistent Threat (APT) 1, also known as the Chinese state-sponsored hacking group “Comment Crew” or “Shanghai Group,” has been…
By Tomasz Kozlowski, Jan 18, 2023

SOC170 — Passwd Found in Requested URL — Possible LFI Attack — Lets Defend Writeup
Basic information about the incident:
By Tomasz Kozlowski, Nov 30, 2022