blueteam
What is Yara The pattern matching swiss knife for malware researchers (and everyone else) To me Yara is regex with logic and metadata. It allows you to create rules to match patterns in data and adding matadata to give it more context. You can run yara as a executable or
detection
In this post I will cover Miters Process Injection (T1055) and some ways that you can detect it and prove it's working. Process Injection I will not go into to much detail on Process Injection here. If you want a deep dive, I recommend Endgames blog post. I
detection
Cobalt Strike is threat emulation software. It is a proprietary product used by... well who ever can afford it. However, it has been reverse engineered and some code leaked. Also, security researchers have extensively scrutinized it. For example, some people have noticed a pattern in Cobalt Strike use of Named
cve
Having been asked to look into CVE-2020-0601 for work, I thought I'd share what I learned. What is it? It is a flaw in the way Microsoft was validating Elliptic Curve Cryptography (ECC) certificates. This flaw affected all ECC certificates, including Microsofts own ECC MicrosoftECCProductRootCertificateAuthority.cer. Why this