Recent posts

Tool Release: CB Bot

Tool Release: CB Bot

Today, I release CB Bot! CB Bot is a threat hunting and incident response web application framework to use with Carbon Black (CB) Defense. Not only will you be able to run commands

Do You Even Bitmap Cache, Bro?

Do You Even Bitmap Cache, Bro?

It's been a while since I last wrote a blog post. I've been busy building cool stuff and hunting for evil, so now I'm back to writing blog posts. For a while, I have had folks ask me about RDP Bitmap Cache, so I decided to write one about it.

"Tracing" Malicious Downloads

"Tracing" Malicious Downloads

In this blog post, I will be covering a very interesting artifact found in the Windows registry, which indicates whenever an executable (i.e. legitimate and illegitimate) attempted to establish a network connection to download files for the first time.

RDP Over Tor

RDP Over Tor

Recently, I encountered a threat actor leveraging Tor to establish Remote Desktop Protocol (RDP) sessions from a victim system to an attacker-controlled server. In this blog post, we will cover the basics of proxying RDP traffic over TOR and how to set it up, with tips to avoid being detected.