Mahdi hatami: Threat Actors Using ISO and Windows Shortcuts Instead of Macros. APT 29 Analysis.
Palo Alto has analyzed several spear-phishing campaigns linked with APT29 that involve the use of a side-loaded DLL through signed…
Aug 19, 2022

Mahdi hatami: APT 28 Threat Hunting and Malware Analysis
According to Malwarebytes, in a recent campaign APT28, an advanced persistent threat actor attributed to Russian intelligence, set its…
Aug 8, 2022

Mahdi hatami: Hunting suspicious LDAP queries in tons of logs
Enumeration and Reconnaissance in AD Environment
Jun 5, 2022

Mahdi hatami: Attack and Hunting Lateral Movement with Service Control Manager (SVCCTL)
There are some lateral movement techniques that don't rely on vulnerabilities, like WMI, PsExec and DCOM. These methods require that…
May 25, 2022