Alket Shabani
    Walkthrough - SOC164 - Suspicious Mshta Behavior

    What is LetsDefend
    For those who are not familiar, LetsDefend is a site mainly focused on Blue Team professionals, especially SOC members.

    EventID 114
    From the alert we see that it is related to LolBins. LolBins, or living-off-the-land binaries, are non-malicious binaries local to the operating system that cyber criminals and crime groups have used and exploited to camouflage their malicious activity.

    December 29, 2022
    Contact me:
    • Email: alketshabani@outlook.com

    © 2023 Alket Shabani.