Sometimes, when you dynamically analyze a malware sample that creates files and then deletes them, disabling the permission to delete files in one specific folder can be useful.
Enabling Netlogon debug mode
Some time ago I had to investigate a case in which a lot of failed login events were being received on the Domain Controller of a public organization (apparently a brute force attack). The events did not show which machine was being logged on. In some cases they showed the name of the connection source machine and in others they did not.