with it in a few weeks or months if I pour enough time and effort into it. I'll be watching many more of your videos for tips and inspiration.
Very cool, thanks for the presentation. As a strictly blue team guy, this really reminds me how threats can come from practically anywhere--even event logs, wtf?! I'd also be curious if you have found any reliable detection methods for this kind of behavior.
Great presentation! From a blue team perspective it'll be interesting to find ways of detecting this. Have you done any post mortem on devices where this methodology was utilised? Presumably the parent process would be the 'BHIS3.exe', or is some other process used? Are there any interesting command line parameters available that could be used for identifying this execution method? Also, does BHIS3.exe compile the malicious EXE then save it to disk (potentially triggering an AV detection), or does it load it right into memory, effectively 'fileless' malware?
Caught you guys live, but of course, work called. Glad you are reposting this valuable training to RUclips!
I love soft soft so so so so much!
Thank you
The category can be one and is common for Windows services.
nice
Nice job!
Okay, okay yes, I get this and I get that-
I ain't got exams per se, but I'm tryna study for an IT certification... This is more important tho