all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SOC163 EventID:113 — Suspicious Certutil.exe Usage — letsdefend.io

Add to bookmarks
Aug. 1, 2023, 8:40 p.m. | Enes Adışen

System Weakness - Medium systemweakness.com

SOC163 EventID:113 — Suspicious Certutil.exe Usage — letsdefend.io

First let’s have a look at the provided alert report.

EventID              : 113
Event Time           : Mar, 01, 2022, 11:06 AM
Rule                 : SOC163 - Suspicious Certutil.exe Usage
Level                : Security Analyst
Hostname             : EricProd
IP Address           : 172.16.17.22
Related Binary       : certutil.exe
Binary Path          : C:/Windows/System32/certutil.exe
Command Line         : certutil.exe -urlcache -split -f https://nmap.org/dist/nmap-7.92-win32.zip nmap.zip
Alert Trigger Reason : -f parameter with certutil.exe
EDR Action           : Allowed

This event appears to …

blue team incident response letsdefendio soc

Visit resource

More from systemweakness.com / System Weakness - Medium

Protect Yourself from Online Scams: Essential Phishing Email Analysis Techniques. 1 day ago | systemweakness.com
cybersecurity ethical hacking information technology malware +1
Cross-Site Scripting: Understanding, Preventing, and Mitigating Risks 1 day, 15 hours ago | systemweakness.com
continue cross-site cybersecurity data +18
University Linux Course (CTIS166) VS HackTheBox Academy Linux Fundamentals Module 1 day, 15 hours ago | systemweakness.com
bilkent-üniversitesi gnu-linux information technology linux +1
TryHackMe — LDAP Injection — Writeup 1 day, 15 hours ago | systemweakness.com
cybersecurity cybersecurity awareness tryhackme tryhackme-walkthrough +1
Analyzing WSH RAT 1 day, 15 hours ago | systemweakness.com
cyberchef cybersecurity javascript malware analysis +1
The Essential Cybersecurity Mindset 1 day, 15 hours ago | systemweakness.com
age career advice cybersecurity cyber security awareness +20
Secure Architecture: Infrastructure Controls 1 day, 15 hours ago | systemweakness.com
architecture article ask controls +12
Data Breaching in Secure Companies 1 day, 15 hours ago | systemweakness.com
breach business companies continue +12
How Prompt Injection Can Steal Your Data 3 days, 19 hours ago | systemweakness.com
ai chatbots chatgpt cybersecurity +1

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com