"svchost.exe should always have services.exe as a parent process and should never be launched without any arguments/parameters" Welcome to the real world.

Who says #Python Malware is out of style? In our new #blog,kevin revisits an old technique he believes is a prime candidate to host #malware payloads—Python for Windows. Read it now! hubs.la/Q033Jvyq0

Happy Friday, everyone! With recent changes in #LummaStealer - using ChaCha20 for C2 encryption, here is the new config extractor in C/C++. We will try a different approach this time 🐦 Enjoy! github.com/RussianPanda95…

Windows audit policies, some common events they enable, and the volume of events they produce. #ThreatHunting #DFIR #Cybersecurity

ATT&CK v17 is out! It contains an update I have campaigned for since 2022: DLL Hijacking is now a single sub-technique, merging Search Order Hijacking & Sideloading, plus supporting related techniques. Huge thanks & congrats to the @MitreATTACK team on this release 🎉

Got a new Huntress blog out today taking a look at some intrusion analysis methodology with practical examples - check it out! huntress.com/blog/intrusion…

That wraps up #MalwareVillage @DEFCON 33! 🥳 Special thanks to all the organizers, sponsors, volunteers, speakers, workshoppers, collaborators, attendees, and everyone involved, for making this event absolutely legendary! 🤩 Thank you all! 🙏