No Agent, No Problem: Discovering Remote EDR
As the reader, I’m sure you’re thinking — “oh great, another EDR internals or bypass post”. I can fully understand that sentiment, as…
Jun 6

The Truth About Telemetry: The Role of Primary and Secondary Telemetry Sources
Detection Engineers, Threat Hunters, and SOC Analysts all rely on one critical thing to do their jobs effectively — telemetry. However…
Mar 17

Behind the Mask: Unpacking Impersonation Events
Introduction
Dec 4, 2024

Silencing the EDR Silencers
Originally posted: Silencing the EDR Silencers | Huntress (huntress.com), authored by me.
Oct 31, 2024

What the Fork: Exploring Telemetry Gaps in Microsoft’s 4688 Event
Originally posted: What the Fork: Exploring Telemetry Gaps in Microsoft’s 4688 Event | Prelude (preludesecurity.com), but authored by me.
Apr 4, 2024

Event Tracing for Windows (ETW): Your Friendly Neighborhood IPC Mechanism
Originally posted: Event Tracing for Windows (ETW): Your Friendly Neighborhood IPC Mechanism | Prelude (preludesecurity.com), but authored…
Apr 4, 2024

Uncovering Adversarial LDAP Tradecraft
A Write-Up by TrustedSec’s Research Lead Carlos Perez and Binary Defense’s Research Lead Jonathan Johnson. Originally posted on the Binary…
Dec 18, 2023