Threat Hunting with sysmon 101 part 4: Loading events in pandas dataframe
Loading sysmon events in pandas dataframe In the past article, we used powershell scripting to filter the events and perform basic querying, in this article ...
Recent Posts
Threat Hunting with sysmon 101 part 3: Command line investigation
Threat Hunting with sysmon: Command line investigation In this article, we’ll look at Mitre technique T1059.001 Command and Scripting Interpreter: PowerShell...
Threat Hunting with sysmon 101 part 2: Process creation event
Threat Hunting with sysmon: Process creation event
Threat Hunting with sysmon 101 part 1: sysmon installation
Threat Hunting with sysmon: sysmon installation
Welcome to Jekyll!
You’ll find this post in your _posts directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different wa...
Threat Hunting with sysmon 101
Introduction I will begin a new series of blog posts where I engage in threat hunting using sysmon logs. Throughout the process, I will utilize free tools a...
EG-CTF 2019 ‘DGA’ challenge writeup
Introduction EG-CTF 2019 was held on 15-Nov-2019, most of the challenges were written by people working at EG-CERT, this challenge is not one of those chal...
Things that i forget
Introduction This is post will host things that i usually write from scratch every time i need them. POWERSHELL Read sysmon logs Get-winevent...
Welcome to Jekyll!
You’ll find this post in your _posts directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different wa...
Frida hooking android part 5: Bypassing AES encryption
Introduction In this post we will hook Java’s Crypto library using frida to acquire the data in clear text and the decryption/encryption keys from an androi...
Frida hooking android part 4
Introduction In this post we will not use console.log to print data, we will send the data from the JS code to the python code for more processing, and then...
Frida hooking android part 3
Introduction In the previous post, We were able to call function secret as soon as we attach our JS script into the target application process,in this tutor...
Frida hooking android part 2
Introduction In the previous post, i showed you how to intercept function calls ,log and modify the arguments, we will repeat this again in this post but wi...
Frida hooking android part 1
Introduction In this post and the next few posts we will talk about Frida the Dynamic Binary Instrumentation tool, I will show you some examples that highli...