Infosecurity professionals need to master threat hunting. Why?
Proactive threat hunting enables the detection of attacks that go unnoticed by traditional security solutions.
To help you learn the ropes of this process, we've launched a new blog series, Hunting Rituals, which explores hunting techniques using one of the most effective solutions on the market — Group-IB MXDR. In the first article, we detailed the basic techniques for detecting DLL sideloading, a cunning method used to evade traditional security measures.
To begin the hunting process, we’ve framed a plausible hypothesis. By applying it to the EDR telemetry, we found several suspicious events. After carefully investigating them using the EDR module of Group-IB MXDR, we discovered the GUID of a process and, thereafter, other data that could help with further remediation or even with identification of a payload injected into legitimate processes.
To learn the details of threat hunting for DLL sideloading, follow our step-by-step guide.
#ThreatHunting #MITREattackframework #T1574002 #DLLhijacking #DLLsideloading
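As an added illustration of the hunting loop the post sketches (frame a hypothesis, apply it to EDR telemetry, investigate the hits down to a process GUID), the following Python is example code written for this page, not Group-IB's or MXDR's. The event layout, the DLL-name list and the sample records are constructed assumptions; a real hunt would read the same three fields (process GUID, process image path, loaded module path) from the EDR's image-load events.

```python
"""Added example: one DLL-sideloading hunting hypothesis (ATT&CK T1574.002)
applied to image-load telemetry. The record layout, the DLL-name list and the
sample events are constructed for this illustration and are not Group-IB
MXDR's schema or output."""
from pathlib import PureWindowsPath

# Constructed list of Windows library names that are often carried as a
# lookalike DLL next to a legitimate signed executable. Build your own list
# from a baseline of what System32 actually holds in your environment.
SYSTEM_DLL_NAMES = {
    "version.dll", "dbghelp.dll", "wtsapi32.dll", "userenv.dll",
    "cryptbase.dll", "profapi.dll", "mpr.dll",
}

# Directories from which those names are expected to be loaded (lower-case).
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")


def _in_system_dir(path: str) -> bool:
    """True when the path lies under one of the Windows system directories."""
    low = path.lower()
    return any(low.startswith(d + "\\") for d in SYSTEM_DIRS)


def evaluate_event(event: dict):
    """Apply the hypothesis to one image-load event.

    Returns a finding dict when all three conditions hold, otherwise None:
      1. the loaded DLL carries a system-library name,
      2. it was loaded from outside the system directories,
      3. it sits in the same directory as the loading process image
         (the classic sideloading layout: trusted EXE + rogue DLL beside it).
    """
    module = PureWindowsPath(event["module"])
    image = PureWindowsPath(event["image"])
    if module.name.lower() not in SYSTEM_DLL_NAMES:
        return None
    if _in_system_dir(event["module"]):
        return None
    if str(module.parent).lower() != str(image.parent).lower():
        return None
    return {
        "process_guid": event["process_guid"],
        "image": event["image"],
        "module": event["module"],
        "reason": f"{module.name} loaded from the process directory instead of System32",
    }


def find_sideload_candidates(events):
    """Run the hypothesis over a telemetry batch and return the flagged events."""
    return [f for f in (evaluate_event(e) for e in events) if f is not None]


# Constructed sample telemetry (not real EDR output); GUIDs are placeholders.
SAMPLE_EVENTS = [
    {"process_guid": "{guid-0001}", "image": r"C:\Program Files\Vendor\app.exe",
     "module": r"C:\Windows\System32\version.dll"},          # expected location
    {"process_guid": "{guid-0002}", "image": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "module": r"C:\Users\alice\AppData\Local\Temp\version.dll"},  # sideload layout
    {"process_guid": "{guid-0003}", "image": r"C:\Program Files\Vendor\app.exe",
     "module": r"C:\Program Files\Vendor\vendorlib.dll"},     # vendor's own DLL
    {"process_guid": "{guid-0004}", "image": r"C:\ProgramData\Tool\signed.exe",
     "module": r"C:\ProgramData\Tool\DBGHELP.DLL"},           # sideload layout
    {"process_guid": "{guid-0005}", "image": r"C:\Windows\System32\svchost.exe",
     "module": r"C:\Windows\System32\wtsapi32.dll"},          # expected location
]

if __name__ == "__main__":
    for finding in find_sideload_candidates(SAMPLE_EVENTS):
        print(finding["process_guid"], finding["reason"])
```

The process GUID returned with each finding is the pivot for the next step the post describes: with it you can pull the process's parent, command line, network activity and any injection-related events from the same telemetry and decide whether the adjacent DLL is a payload. Expect benign hits from software that legitimately ships a private copy of a system-named DLL; those belong in an allowlist keyed on the signed image path, not in the DLL-name list.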