Thursday, January 20, 2022

Better know a data source: Antimalware Scan Interface

Try to imagine the following scenarios:

A process exhibits suspicious behavior but there are no relevant command-line artifacts. How do you make sense of the root cause of the suspicious behavior?

A PowerShell process downloaded and executed a payload in memory. The command and control (C2) URL is present but there is no execution context beyond that. What exactly was downloaded and executed?

A DotNetToJScript payload loaded a .NET assembly in memory. How did the script do it and what did it …

Read More

Latest news
Related news