Forty-Seven Alerts at 2 AM and One of Them Was Real
A managed services client called our SOC at 2:14 AM on a Tuesday. Their file server was throwing access…
A Backdoor Hiding in Plain Sight
During a quarterly security review for a client running a 200-seat Windows environment, we found a DLL registered under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls that had been…
A Plaintext Password That Cost a Client $200K
Last year we inherited a managed environment from another vendor—a mid-size logistics company running 40+ scheduled PowerShell scripts across their domain controllers…
It is 3 AM. Your SIEM is generating Kerberos pre-authentication failures across 47 workstations. You escalate to Tier 3 and begin triage. The answer is not malware, not a credential…