SOC163 EventID:113 — Suspicious Certutil.exe Usage — letsdefend.io
Aug. 1, 2023, 8:40 p.m. | Enes Adışen
System Weakness - Medium systemweakness.com
First, let’s have a look at the provided alert report.
EventID : 113
Event Time : Mar, 01, 2022, 11:06 AM
Rule : SOC163 - Suspicious Certutil.exe Usage
Level : Security Analyst
Hostname : EricProd
IP Address : 172.16.17.22
Related Binary : certutil.exe
Binary Path : C:/Windows/System32/certutil.exe
Command Line : certutil.exe -urlcache -split -f https://nmap.org/dist/nmap-7.92-win32.zip nmap.zip
Alert Trigger Reason : -f parameter with certutil.exe
EDR Action : Allowed
This event appears to …