unexpected mapi32.dll access
March 29, 2023, 5:11 p.m. | /u/Beef_Studpile
Computer Forensics www.reddit.com
The alert specifically looks for non-Outlook processes loading mapi32.dll. Simple, but has never been triggered because we didn't have process data in the SIEM yet.
I was able to find a [good resource](https://www.seqrite.com/documents/en/white-papers/Whitepaper_HowToPM.pdf) describing how Emotet uses mapi32.dll to scrape local email data.
-------
Upon shipping the data, we immediately had this rule trigger hundreds of times. Which can …
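
One way to triage a rule like the one described in the post, as an added example that is not part of the original post: it rolls up mapi32.dll load events per loading process and separates validly signed loaders in non-user-writable paths (a baseline to review once) from everything else. The event fields follow the Sysmon Event ID 7 (ImageLoad) layout; the sample events, install paths and the `USER_WRITABLE` list are constructed assumptions.

```python
from collections import Counter
from ntpath import basename, normpath

OFFICE = r"C:\Program Files\Microsoft Office\root\Office16"
SYS_MAPI = r"C:\Windows\System32\mapi32.dll"

def ev(image, loaded=SYS_MAPI, signed="true", status="Valid"):
    """Build one event dict using Sysmon Event ID 7 field names."""
    return {"Image": image, "ImageLoaded": loaded, "Signed": signed, "SignatureStatus": status}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ev(OFFICE + r"\OUTLOOK.EXE"),
    ev(OFFICE + r"\EXCEL.EXE"),
    ev(OFFICE + r"\EXCEL.EXE"),
    ev(OFFICE + r"\EXCEL.EXE", loaded=r"C:\Windows\System32\kernel32.dll"),
    ev(r"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe"),
    ev(r"C:\Users\alice\AppData\Local\Temp\inv_scan.exe", signed="false", status="Unavailable"),
    ev(r"C:\Users\Public\outlook.exe", signed="false", status="Unavailable"),
]

# Assumption: directories a standard user can write to on this estate.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

def trusted(event, image):
    """Validly signed loader that does not live under a user-writable path."""
    signed = event["Signed"].lower() == "true" and event["SignatureStatus"] == "Valid"
    return signed and not any(part in image for part in USER_WRITABLE)

def triage(events):
    """Count mapi32.dll loads per loader, split into 'baseline' and 'review'."""
    result = {"baseline": Counter(), "review": Counter()}
    for event in events:
        if basename(event["ImageLoaded"]).lower() != "mapi32.dll":
            continue  # some other DLL
        image = normpath(event["Image"]).lower()
        ok = trusted(event, image)
        # Exclude Outlook only when it is also trusted, so a file merely
        # named outlook.exe does not inherit the rule's exclusion.
        if basename(image) == "outlook.exe" and ok:
            continue
        result["baseline" if ok else "review"][image] += 1
    return result

if __name__ == "__main__":
    for bucket, counts in triage(SAMPLE_EVENTS).items():
        for image, n in counts.most_common():
            print(f"{bucket:8} {n:4} {image}")
```
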