Tag: threat-hunting

CyberCorp Case 2 part 3 — certutil download, LSASS dumping, WMI lateral movement to a domain controller, and tracking the second reverse shell C2 address.

CyberCorp Case 2 part 2 — decoding a base64 gzipped registry payload, tracing PID spoofing in PowerShell, and identifying the reverse shell C2 IP.

CyberCorp Case 2 threat hunting walkthrough — tracking WMI persistence, a malicious Word document, and a hidden iexproxy.dll download technique in Kibana.

How I found a publicly accessible victims.txt file storing phished Facebook credentials on a 000webhost server and what happened when I reported it.

OSINT into a Facebook phishing campaign spreading via friend-tagging — separate hosting domains, Vietnamese code traces, and possible Phishing-as-a-Service.