A quick post on how to extract AutoHotKey scripts from an AutoHotKey script compiled executable.
The SOC Toolbox: Analyzing AutoHotKey compiled executables
Category: Blue Team
OneNote Embedded URL Abuse
Whilst Microsoft is fixing the embedded files feature in OneNote I decided to abuse a whole other feature. Embedded URLs. Turns out this is something they may also have to fix.
Cortex XSOAR Tips & Tricks β Leveraging dynamic sections – number widgets
Introduction Cortex XSOAR is a security oriented automation platform, and one of the areas where it stands out is customization. A recurring problem in a SOC is data visualization, analysts can be swarmed with information, and finding out what piece of data is currently both relevant and significant can become hard. One of our tasks … Continue reading Cortex XSOAR Tips & Tricks β Leveraging dynamic sections – number widgets
OneNote Embedded file abuse
In recent weeks OneNote has gotten a lot of media attention as threat actors are abusing the embedded files feature in OneNote in their phishing campaigns. In this post we will analyze this new way of malware delivery and create a detection rule for it.
DeTT&CT: Automate your detection coverage with dettectinator
Introduction Last year, I published an article on mapping detection to the MITRE ATT&CK framework using DeTT&CT. In the article, we introduced DeTT&CT and explored its features and usage. If you missed it, you can find the article here. Although, after writing that article, I encountered some challenges. For instance, I considered using DeTT&CT in … Continue reading DeTT&CT: Automate your detection coverage with dettectinator
Lower email spoofing incidents (and make your marketing team happy) with BIMI
Introduction Over the last couple of years, we saw the amount of phishing attacks skyrocket. According to F5, a multi-cloud security and application provider, there was a 220% increase of incidents during the height of the global pandemic compared to the yearly average. Itβs expected that every year there will be an additional increase of … Continue reading Lower email spoofing incidents (and make your marketing team happy) with BIMI