SOC163 EventID:113 — Suspicious Certutil.exe Usage — letsdefend.io
Aug. 1, 2023, 8:40 p.m. | Enes Adışen
System Weakness - Medium systemweakness.com
First, let’s have a look at the provided alert report.
EventID : 113
Event Time : Mar, 01, 2022, 11:06 AM
Rule : SOC163 - Suspicious Certutil.exe Usage
Level : Security Analyst
Hostname : EricProd
IP Address : 172.16.17.22
Related Binary : certutil.exe
Binary Path : C:/Windows/System32/certutil.exe
Command Line : certutil.exe -urlcache -split -f https://nmap.org/dist/nmap-7.92-win32.zip nmap.zip
Alert Trigger Reason : -f parameter with certutil.exe
EDR Action : Allowed
This event appears to …