Duck and cover or how AtomBombing is really unnecessarily alarmism

The so-called AtomBombing code injection technique discovered by Tal Liberman seemed to be getting a lot of attention recently. Websites like thehackernews describe the issue as: “no existing anti-malware tools can detect” and “…What’s worse? The company said all versions of Windows operating system, including Microsoft’s newest Windows 10, were affected. And What’s even worse? There…

5

Sysinternals Sysmon unleashed

Introduction Warning: This post recommends Sysmon monitoring policy implementations that are not official Microsoft recommendations. Readers are encouraged to review and test all policy recommendations prior to their implementation in a production environment. Sysmon from Sysinternals is a very powerful Host-level tracing tool, which can assist you in detecting advanced threats on your network. In…

7

Process Monitor for Dynamic Malware Analysis

Sysinternals Process Monitor is a powerful tool for investigating and troubleshooting application issues, as well as malware forensics and analysis tasks. Process Monitor lets you ‘peek under the hood’: Display files, registry, network and image loading activities in real time; all of the output can be exported to an external file for later viewing. The…

0