What a day to hunt for...cyber threats!
Group-IB presents a second edition of Hunting Rituals, a blog series that explores hunting techniques using one of the most effective solutions on the market — Group-IB MXDR. In this latest installment, we're taking a closer look at methods to spot the abuse of Windows Services.
Our new post focuses on two artifacts that go hand in hand: the process command line of the tool used to create a service, and the registry keys the Service Control Manager writes when a service is created. This time, we tested two hypotheses. The first, based on the command line, is obvious and lets us avoid filtering massive data sets. The second, based on the registry, creates more noise but lets us unmistakably identify service creation events regardless of the tool or method used to create the service.
Follow our guide to see which approach brings more value and recreate the hunting process.
#ThreatHunting #MITREattackframework #WindowsService #huntorbehunted
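To make the trade-off between the two hypotheses concrete, here is an added example that is not Group-IB code and does not use the MXDR query language. It runs both hunts over a handful of constructed Sysmon-style events (EventID 1 with a CommandLine field, EventID 13 with TargetObject and Details), then shows which services each hypothesis catches. The service names, binary paths and the path-based triage heuristic are assumptions made for illustration only.

```python
"""Two hunting hypotheses for Windows service creation, run over sample events.

Hypothesis 1 (command line): the tool that created the service leaves a
recognisable command line, e.g. `sc create` or `New-Service`.
Hypothesis 2 (registry): whatever the tool, the Service Control Manager writes
HKLM\System\CurrentControlSet\Services\<name>\ImagePath.
"""
import re

# Constructed sample events (not real telemetry); field names follow Sysmon.
SAMPLE_EVENTS = [
    # 1. Service created with sc.exe: visible to both hypotheses.
    {"EventID": 1, "Image": r"C:\Windows\System32\sc.exe",
     "CommandLine": r'sc.exe create updsvc binPath= "C:\Users\Public\upd.exe" start= auto'},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\updsvc\ImagePath",
     "Details": r"C:\Users\Public\upd.exe"},
    # 2. Service created through the SCM API by a custom binary: no tell-tale
    #    command line, but the same registry footprint.
    {"EventID": 1, "Image": r"C:\Users\Public\installer.exe",
     "CommandLine": r"C:\Users\Public\installer.exe /quiet"},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\helper\ImagePath",
     "Details": r"C:\Users\Public\helper.exe"},
    # 3. Service created with PowerShell New-Service: both hypotheses again.
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'powershell.exe -c "New-Service -Name psvc -BinaryPathName C:\Temp\p.exe"'},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\psvc\ImagePath",
     "Details": r"C:\Temp\p.exe"},
    # 4. Benign vendor agent installed by an MSI: registry noise only.
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\VendorAgent\ImagePath",
     "Details": r'"C:\Program Files\Vendor\agent.exe"'},
    # 5. Unrelated activity that must not match either hypothesis.
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\Spooler\Start",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 1, "Image": r"C:\Windows\System32\sc.exe",
     "CommandLine": "sc.exe query Spooler"},
]

# `sc create <name>` or `sc \\server create <name>`, with or without ".exe".
SC_CREATE = re.compile(r"\bsc(?:\.exe)?\b(?:\s+\\\\\S+)?\s+create\s+(\S+)", re.I)
# PowerShell `New-Service -Name <name>`.
NEW_SERVICE = re.compile(r"New-Service\b.*?-Name\s+[\"']?([^\s\"']+)", re.I)
# Value set on <service>\ImagePath directly under the Services key.
IMAGEPATH = re.compile(r"^HKLM\\System\\CurrentControlSet\\Services\\([^\\]+)\\ImagePath$", re.I)

# Heuristic (an assumption for this example): a service binary outside these
# locations deserves a closer look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files", "\\systemroot\\", "%systemroot%\\")


def hunt_cmdline(events):
    """Hypothesis 1: map service name -> creating command line."""
    hits = {}
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        cmd = ev.get("CommandLine", "")
        for pattern in (SC_CREATE, NEW_SERVICE):
            m = pattern.search(cmd)
            if m:
                hits[m.group(1)] = cmd
                break
    return hits


def hunt_registry(events):
    """Hypothesis 2: map service name -> ImagePath written under the Services key."""
    hits = {}
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        m = IMAGEPATH.match(ev.get("TargetObject", ""))
        if m:
            hits[m.group(1)] = ev.get("Details", "")
    return hits


def compare(events):
    """Show what each hypothesis sees and where they differ."""
    c, r = set(hunt_cmdline(events)), set(hunt_registry(events))
    return {"cmdline": c, "registry": r, "registry_only": r - c, "cmdline_only": c - r}


def triage_registry_hits(events):
    """Reduce hypothesis-2 noise: keep services whose binary sits outside trusted paths."""
    flagged = {}
    for name, image_path in hunt_registry(events).items():
        if not image_path.strip('"').lower().startswith(TRUSTED_PREFIXES):
            flagged[name] = image_path
    return flagged


if __name__ == "__main__":
    for key, value in compare(SAMPLE_EVENTS).items():
        print(f"{key:14}: {sorted(value)}")
    print("triaged      :", triage_registry_hits(SAMPLE_EVENTS))
```

On the sample data the command-line hunt returns only the sc.exe and New-Service cases, while the registry hunt also surfaces the service installed through the SCM API by the custom binary and, as noise, the benign vendor agent; the path-based triage step is one way to cut that noise back down before an analyst looks at it.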