all InfoSec news
rundll32 DavSetCookie Command - What is normal?
March 2, 2024, 2:44 a.m. | /u/DutifulEagle43
cybersecurity www.reddit.com
What I’ve seen is svchost being utilized to give a computer access to remote resources, with the command line [C:\WINDOWS\system32\svchost.exe -k LocalService -p -s WebClient]. What usually spawns next is rundll32.exe, running the command line [rundll32.exe C:\WINDOWS\system32\davclnt.dll,DavSetCookie @ http://address/].
Usually this rundll32.exe command contains the IP address, port, …
address cases command cybersecurity ip address malicious normal port rundll32 what is
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Senior Security Researcher - Linux MacOS EDR (Cortex)
@ Palo Alto Networks | Tel Aviv-Yafo, Israel
Sr. Manager, NetSec GTM Programs
@ Palo Alto Networks | Santa Clara, CA, United States
SOC Analyst I
@ Fortress Security Risk Management | Cleveland, OH, United States