rufflabs.com
  • LetsDefend Walkthrough SOC164 Suspicious MSHTA Behavior

    Mar 24, 2022 · 8 min read · letsdefend writeup

    Today's LetsDefend walkthrough investigates Event ID 114 - Suspicious MSHTA Behavior, where an alert is raised because mshta.exe executed a .hta script file that is considered low reputation.



Jason Taylor

Husband, father, problem solver.

Featured Posts

  • BreakICT 2022 CTF Walkthrough (Part 2)
  • Fixing Kernel Panic in Ubuntu Packer Builds
  • Certified CyberDefender Review
  • BreakICT 2022 CTF Walkthrough (Part 1)
  • Anatomy of a Reverse Shell: nc named pipe
  • LetsDefend Walkthrough SOC164 Suspicious MSHTA Behavior
  • Remediating Nessus Plugin ID 139239 "Windows Security Feature Bypass in Secure Boot (BootHole)"

Recent Posts

  • Installing pip for Python2

Copyright © 2022, rufflabs.com; all rights reserved.
