Windows Performance Counters provide an in-depth and consistent interface for collecting different types of system data such as processor, memory, and disk usage statistics. Performance counters can be used to monitor system resources and performance. This blog post describes how...

Cobalt strike is a red team command and control framework used for adversary emulation. Due to its functionality and flexibility, it has been widely adopted by both red teams and threat actors. Multiple threat actors such as APT29, APT32, APT...

It is commonly known that malware abuses native Windows utilities to achieve the attacker’s nefarious goals. For example, a native utility like Vssadmin can be abused by ransomware to inhibit system recovery (T1490) of a Windows endpoint. This blog post...

The Windows task scheduler is a tool in the Windows operating system that launches programs and executes predefined scripts at scheduled times or after specified time intervals. While Windows Task Scheduler is not malicious, adversaries can abuse this utility to...

JSSLoader is a remote access trojan by the Russian FIN7 hacking group. There has been an increase in the number of JSSLoader infections this year. These infections have been utilizing Microsoft Excel add-in files (XLL files) to drop the JSSLoader...

Pandora Ransomware gained notoriety in March 2022 when DENSO, a well-known giant in the automotive industry was compromised. After this, several malware researchers analyzed Pandora samples and agree that it is a variant of Rook ransomware, a well-known malware that...