Research
Malware analysis, threat intelligence, and detection engineering.
AgentTesla Infostealer — Static & Dynamic Analysis
Analysis of an AgentTesla sample delivered via phishing. Covers unpacking, C2 extraction, and detection opportunities.
T1068 - gdrv.sys Load Attempt - EDR Detection Queries
EDR detection queries for identifying BYOVD exploitation attempts using the vulnerable gdrv.sys Gigabyte driver.
T1218.005 - msxsl + typeperf Execution - EDR Detection (PowerQuery)
PowerQuery-based EDR detection for LOLBin abuse via msxsl.exe and typeperf.exe process creation from non-standard paths.
T1218.005 - msxsl / typeperf Execution Response Playbook
Incident response playbook for containing and eradicating LOLBin abuse via msxsl.exe and typeperf.exe, including containment, credential reset, and post-incident detection steps.
T1068 - Vulnerable Driver Write Response Playbook
Incident response playbook for handling BYOVD alerts involving vulnerable kernel drivers like gdrv.sys, covering identification, containment, remediation, and recovery.