curben
/
blog
mirror of https://gitlab.com/curben/blog
1
0
Fork 0
Code Issues Releases Wiki Activity
1,430 Commits 5 Branches 0 Tags 39 MiB
Commit Graph

1430 Commits

Author SHA1 Message Date
Ming Di Leom a7ec0849fc
feat(threat-hunting): Suspicious command involving Public folder 2025-09-21 11:09:07 +00:00
Ming Di Leom 24f65e8425
page(restricted-admin): registry change detection 2025-08-24 10:54:47 +00:00
Ming Di Leom c117b84a68
feat(threat-hunting): User Account Control (UAC) policy change 2025-08-24 10:50:38 +00:00
Ming Di Leom dcda1a17b0
chore(deps): test hexo-yam native zstd support 
https://github.com/curbengh/hexo-yam/pull/166
 2025-08-17 08:45:34 +00:00
Ming Di Leom 0a2deee8cb
feat(threat-hunting): Root certificate installation 2025-08-09 04:32:18 +00:00
Ming Di Leom 830aea5f11
feat(ad-db-dump): detect ntds.dit dump using backup utility 2025-08-09 04:27:15 +00:00
Ming Di Leom a93b2fb5b5
feat(threat-hunting): AD integrated DNS zone export 2025-08-09 04:26:09 +00:00
Ming Di Leom a1a8f6c44b
feat(threat-hunting): Veeam credential extraction 2025-08-06 11:31:55 +00:00
Ming Di Leom 665846fa33
chore(rmm-monitor): AnyViewer/JumpConnect/TinyPilot/OptiTune 2025-08-03 08:14:31 +00:00
Ming Di Leom e284914748
page(threat-hunting): Windows Recovery Environment disabled 2025-08-03 08:04:17 +00:00
Ming Di Leom 3511c59121
refactor(unusual-schtasks): combine alerts 2025-08-03 08:00:10 +00:00
Ming Di Leom 7900d8410b
feat: show published/updated date on pages 2025-07-27 07:52:33 +00:00
Ming Di Leom 4922492c95
refactor(threat-hunting): separate headings into pages 2025-07-27 06:15:45 +00:00
Ming Di Leom a4068a880a
chore(lolbin-detection): rawcopy.exe 2025-07-27 02:23:24 +00:00
Ming Di Leom e310dd61d1
fix(defender-incident): combine accountName fields 
from evidence{}.userAccount.accountName & evidence{}.loggedOnUsers{}.accountName
 2025-07-11 10:18:26 +00:00
Ming Di Leom 643b5ef5c3
page(about): update projects description 2025-06-30 10:52:54 +00:00
Ming Di Leom c336c490de
feat(threat-hunting): DonPAPI detection 2025-06-30 10:19:05 +00:00
Ming Di Leom 1901e5c573
refactor(threat-hunting): combine LoLBin detections 2025-06-30 10:15:44 +00:00
Ming Di Leom e21350c029
chore(rmm-monitor): Ekran/Syteca & ClassroomSpy 2025-06-30 09:06:55 +00:00
Ming Di Leom ddec67b836
feat(threat-hunting): NodeJS spawning cmd.exe 2025-06-30 09:02:04 +00:00
Ming Di Leom 1c48ed888a
chore(copyright): 2025 2025-06-30 08:59:14 +00:00
Ming Di Leom ed06d65ce4
feat(threat-hunting): FileFix detection 2025-06-30 08:55:47 +00:00
Ming Di Leom 1df78c65c5
feat(threat-hunting): Excessive AWS WAF Blocked Events 2025-06-30 08:52:58 +00:00
Ming Di Leom 1bde8ee4c6
feat(threat-hunting): chisel proxy detection 2025-06-30 08:44:57 +00:00
Ming Di Leom 61e552b0ea
chore(theme): link to /threat-hunting/ 2025-06-30 08:42:58 +00:00
Ming Di Leom 57ca66d09d
page(threat-hunting): domain admins report 2025-06-09 06:52:25 +00:00
Ming Di Leom 4ac82f1ed1
fix(defender-incident): combine filePath, url, processCommandLine into a field 2025-06-01 12:06:18 +00:00
Ming Di Leom 6a39f54934
page(threat-hunting): Account Discovery Using DIR, WHOAMI, and NET 2025-06-01 12:02:01 +00:00
Ming Di Leom 429092e81a
page(threat-hunting): Windows Sandbox execution 2025-06-01 11:56:27 +00:00
Ming Di Leom 93880a8100
page(threat-hunting): Windows JScript execution 2025-06-01 11:54:08 +00:00
Ming Di Leom 7913075926
page(threat-hunting): Cipher.exe execution 2025-06-01 11:50:45 +00:00
Ming Di Leom d824585ced
page(threat-hunting): Disable Microsoft Defender (Registry) 2025-05-20 09:01:09 +00:00
Ming Di Leom 16e9e6ac56
fix(clickfix-detect): update fields 2025-05-20 08:45:34 +00:00
Ming Di Leom 80239ea808
post(openwrt-nts): persist config across reboots 2025-05-08 09:45:39 +00:00
Ming Di Leom 8fc44aae9d
fix(unusual-ua): include firefox 2025-05-04 01:24:30 +00:00
Ming Di Leom 872144936c
page(threat-hunting): Unusual User Agent 2025-05-04 01:22:44 +00:00
Ming Di Leom daedc05d2f
page(about): SSH access is now restricted to Tailscale 2025-04-09 10:36:50 +00:00
Ming Di Leom 7ee64d3b4a
page(about): remove npm and codeberg badges 2025-04-09 10:19:56 +00:00
Ming Di Leom 8f13865138
page(threat-hunting): Clear-text password search 2025-04-09 10:18:07 +00:00
Ming Di Leom 7bbc0ec694
post(centos-dnf-auto): clarify sentence 2025-04-08 09:01:08 +00:00
Ming Di Leom 533e1099b5
chore(rmm-monitor): UltraViewer 2025-04-08 08:25:26 +00:00
Ming Di Leom d037a782fd
page(threat-hunting): ShareName suffix 2025-04-08 08:24:07 +00:00
Ming Di Leom b330435a1f
build: clean up artifact prior to build 
somehow cache in netlify
 2025-04-07 08:30:25 +00:00
Ming Di Leom 0866cd3890
docs: update mirror order according to update frequency 2025-04-06 12:22:07 +00:00
Ming Di Leom 4803ba6ff4
page(threat-hunting): update InnoDownloadPlugin description 2025-04-06 12:06:57 +00:00
Ming Di Leom 978e8c6ae6
page(threat-hunting): file hiding using attrib.exe 2025-04-06 12:04:48 +00:00
Ming Di Leom 751e9e7c66
page(threat-hunting): powershell auto-start 2025-04-06 12:02:04 +00:00
Ming Di Leom cd2a742df9
page(threat-hunting): CobaltStrike detection through network share discovery 2025-04-06 11:49:47 +00:00
Ming Di Leom b7abc47a5c
page(threat-hunting): New Network Share detected 2025-04-06 11:43:44 +00:00
Ming Di Leom fb69f36eb2
page(threat-hunting): tailscale detection 2025-04-06 11:02:51 +00:00