Feb 22 Β· 4 min read Β· Today weβre investigating another LetsDefend alert: SOC164 β Suspicious Mshta Behavior This alert focuses on detecting suspicious usage of a legitimate Windows binary often abused by attackers. π Al
Join discussion
Feb 13 Β· 3 min read Β· Today we are going to investigate another LetsDefend alert:SOC335 β CVE-2024-49138 Exploitation Detected. This alert is more serious than the usual login or brute-force alerts because it involves a known vulnerability and possible exploitation on a h...
Join discussion
Feb 2 Β· 3 min read Β· π Alert Overview In this investigation, we analyze SOC211 β Utilman.exe Winlogon Exploit Attempt, an alert indicating abuse of a Windows built-in binary (LOLBin) to achieve persistence and privilege escalation on a compromised host. The alert highl...
Join discussion
Jan 26 Β· 4 min read Β· One of the main tasks I expect to handle as a SOC analyst is reviewing authentication logs -looking for failed login attempts, picking up on patterns like brute-force or username spraying, and figuring out whether something is just a user mistyping t...
Join discussion
