{"id":2,"date":"2022-05-13T10:04:02","date_gmt":"2022-05-13T10:04:02","guid":{"rendered":"http:\/\/justruss.tech\/?page_id=2"},"modified":"2023-07-30T03:53:23","modified_gmt":"2023-07-30T03:53:23","slug":"sample-page","status":"publish","type":"page","link":"https:\/\/justruss.tech\/","title":{"rendered":""},"content":{"rendered":"\n<p>A place where I just blog about my interests and learning.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Currently merging a few blogs into this one location. Please check back in later to view them.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<div class=\"wp-block-query is-layout-flow wp-block-query-is-layout-flow\"><ul class=\"wp-block-post-template is-layout-flow wp-block-post-template-is-layout-flow\"><li class=\"wp-block-post post-176 post type-post status-publish format-standard hentry category-dfir\">\n<h2 class=\"wp-block-post-title\"><a href=\"https:\/\/justruss.tech\/index.php\/2023\/07\/30\/an-intro-to-webshells\/\" target=\"_self\" >An intro to Webshells<\/a><\/h2>\n\n\n\n<div class=\"wp-block-post-excerpt\"><p class=\"wp-block-post-excerpt__excerpt\">Introduction Webshells, a deceptively simple yet powerful tool in the hands of cyber adversaries, pose a critical threat to web servers and the data they hold. These malicious scripts infiltrate vulnerable web applications, providing unauthorised remote access to attackers. 
In this technical blog, we will explore the inner workings of common webshells such as PHP-based&hellip; <\/p><\/div>\n\n<div class=\"wp-block-post-date\"><time datetime=\"2023-07-30T05:50:36+00:00\">July 30, 2023<\/time><\/div>\n<\/li><li class=\"wp-block-post post-172 post type-post status-publish format-standard hentry category-threat-hunting\">\n<h2 class=\"wp-block-post-title\"><a href=\"https:\/\/justruss.tech\/index.php\/2023\/07\/30\/unveiling-the-worlds-largest-security-threat-a-deep-dive-into-its-complex-mechanisms-and-how-threat-hunting-is-essential\/\" target=\"_self\" >Unveiling the World&#8217;s Largest Security Threat: A Deep Dive into its Complex Mechanisms and How Threat Hunting is Essential<\/a><\/h2>\n\n\n\n<div class=\"wp-block-post-excerpt\"><p class=\"wp-block-post-excerpt__excerpt\">Introduction In the vast landscape of cybersecurity, one adversary looms above all others, the colossal and enigmatic world&#8217;s largest security threat. As we embark on this perilous journey, we must shed the allure of hyperbole and delve into the substance of this monolith. In this blog, we shall dissect the intricate layers of this formidable&hellip; <\/p><\/div>\n\n<div class=\"wp-block-post-date\"><time datetime=\"2023-07-30T05:15:10+00:00\">July 30, 2023<\/time><\/div>\n<\/li><li class=\"wp-block-post post-142 post type-post status-publish format-standard hentry category-dfir\">\n<h2 class=\"wp-block-post-title\"><a href=\"https:\/\/justruss.tech\/index.php\/2022\/09\/11\/setting-up-a-home-lab\/\" target=\"_self\" >Setting up a home lab<\/a><\/h2>\n\n\n\n<div class=\"wp-block-post-excerpt\"><p class=\"wp-block-post-excerpt__excerpt\">I bought myself a server to expand my development as the war between gaming and personal development was finally over and you guessed it, games won. Instead of simply copying from virtual machines over, I decided to build my lab again from the ground up using new tools and endpoints. 
This blog will be split&hellip; <\/p><\/div>\n\n<div class=\"wp-block-post-date\"><time datetime=\"2022-09-11T00:43:18+00:00\">September 11, 2022<\/time><\/div>\n<\/li><li class=\"wp-block-post post-134 post type-post status-publish format-standard hentry category-hackthebox-challenges\">\n<h2 class=\"wp-block-post-title\"><a href=\"https:\/\/justruss.tech\/index.php\/2022\/05\/24\/persistenceisfutile\/\" target=\"_self\" >PersistenceIsFutile | Moderate<\/a><\/h2>\n\n\n\n<div class=\"wp-block-post-excerpt\"><p class=\"wp-block-post-excerpt__excerpt\">Challenge brief Hackers made it onto one of our production servers. We&#8217;ve isolated it from the internet until we can clean the machine up. The IR team reported eight different backdoors on the server but didn&#8217;t say what they were and we can&#8217;t get in touch with them. We need to get this server back&hellip; <\/p><\/div>\n\n<div class=\"wp-block-post-date\"><time datetime=\"2022-05-24T13:14:59+00:00\">May 24, 2022<\/time><\/div>\n<\/li><li class=\"wp-block-post post-114 post type-post status-publish format-standard hentry category-hackthebox-challenges\">\n<h2 class=\"wp-block-post-title\"><a href=\"https:\/\/justruss.tech\/index.php\/2022\/05\/22\/obsecure-easy\/\" target=\"_self\" >Obsecure | Easy<\/a><\/h2>\n\n\n\n<div class=\"wp-block-post-excerpt\"><p class=\"wp-block-post-excerpt__excerpt\">Challenge brief An attacker has found a vulnerability in our web server that allows arbitrary PHP file upload to our Apache server. Suchlike, the hacker has uploaded what seems to be an obfuscated shell (support.php). 
We monitor our network 24\/7 and generate logs from tcpdump (we provided the log file for the period of two&hellip; <\/p><\/div>\n\n<div class=\"wp-block-post-date\"><time datetime=\"2022-05-22T06:30:58+00:00\">May 22, 2022<\/time><\/div>\n<\/li><li class=\"wp-block-post post-110 post type-post status-publish format-standard hentry category-hackthebox-challenges\">\n<h2 class=\"wp-block-post-title\"><a href=\"https:\/\/justruss.tech\/index.php\/2022\/05\/22\/reminiscent-easy\/\" target=\"_self\" >Reminiscent | Easy<\/a><\/h2>\n\n\n\n<div class=\"wp-block-post-excerpt\"><p class=\"wp-block-post-excerpt__excerpt\">Challenge brief Suspicious traffic was detected from a recruiter&#8217;s virtual PC. A memory dump of the offending VM was captured before it was removed from the network for imaging and analysis. Our recruiter mentioned he received an email from someone regarding their resume. A copy of the email was recovered and is provided for reference.&hellip; <\/p><\/div>\n\n<div class=\"wp-block-post-date\"><time datetime=\"2022-05-22T05:45:49+00:00\">May 22, 2022<\/time><\/div>\n<\/li><li class=\"wp-block-post post-100 post type-post status-publish format-standard hentry category-dfir\">\n<h2 class=\"wp-block-post-title\"><a href=\"https:\/\/justruss.tech\/index.php\/2022\/05\/17\/process-injection\/\" target=\"_self\" >Exploring the Top 10 Windows Process Injection Techniques: Detection and Mitigation<\/a><\/h2>\n\n\n\n<div class=\"wp-block-post-excerpt\"><p class=\"wp-block-post-excerpt__excerpt\">Introduction Process injection is a common tactic employed by malicious actors to inject code into a legitimate process, allowing them to evade detection and execute their malicious payloads. In this blog, we will delve into the top 10 Windows process injection techniques used by adversaries. 
For each technique, we will provide C++ code demonstrating the&hellip; <\/p><\/div>\n\n<div class=\"wp-block-post-date\"><time datetime=\"2022-05-17T06:19:42+00:00\">May 17, 2022<\/time><\/div>\n<\/li><li class=\"wp-block-post post-103 post type-post status-publish format-standard has-post-thumbnail hentry category-dfir\">\n<h2 class=\"wp-block-post-title\"><a href=\"https:\/\/justruss.tech\/index.php\/2022\/05\/17\/hiding-in-memory\/\" target=\"_self\" >Malicious Adversaries Concealed in Windows Memory: A Cyber Security Digital Forensic Approach<\/a><\/h2>\n\n<figure class=\"alignwide wp-block-post-featured-image\"><a href=\"https:\/\/justruss.tech\/index.php\/2022\/05\/17\/hiding-in-memory\/\" target=\"_self\"  ><img loading=\"lazy\" decoding=\"async\" width=\"259\" height=\"194\" src=\"https:\/\/justruss.tech\/wp-content\/uploads\/2022\/05\/memory.jpg\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Malicious Adversaries Concealed in Windows Memory: A Cyber Security Digital Forensic Approach\" style=\"object-fit:cover;\" \/><\/a><\/figure>\n\n<div class=\"wp-block-post-excerpt\"><p class=\"wp-block-post-excerpt__excerpt\">Introduction In the relentless battlefield of cybersecurity, malicious adversaries often resort to advanced techniques to evade detection. One such insidious strategy involves hiding within Windows memory, where they can maintain stealth and perpetrate their malevolent activities undetected. 
In this blog, we will delve into the realm of memory forensics and explore how cyber security analysts&hellip; <\/p><\/div>\n\n<div class=\"wp-block-post-date\"><time datetime=\"2022-05-17T06:18:37+00:00\">May 17, 2022<\/time><\/div>\n<\/li><li class=\"wp-block-post post-56 post type-post status-publish format-standard has-post-thumbnail hentry category-dfir\">\n<h2 class=\"wp-block-post-title\"><a href=\"https:\/\/justruss.tech\/index.php\/2022\/05\/16\/seond-blog\/\" target=\"_self\" >Unmasking Malicious Activity with Logman for Windows Event Tracing Analysis<\/a><\/h2>\n\n<figure class=\"alignwide wp-block-post-featured-image\"><a href=\"https:\/\/justruss.tech\/index.php\/2022\/05\/16\/seond-blog\/\" target=\"_self\"  ><img loading=\"lazy\" decoding=\"async\" width=\"1280\" height=\"720\" src=\"https:\/\/justruss.tech\/wp-content\/uploads\/2022\/05\/maze.jpg\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Unmasking Malicious Activity with Logman for Windows Event Tracing Analysis\" style=\"object-fit:cover;\" srcset=\"https:\/\/justruss.tech\/wp-content\/uploads\/2022\/05\/maze.jpg 1280w, https:\/\/justruss.tech\/wp-content\/uploads\/2022\/05\/maze-300x169.jpg 300w, https:\/\/justruss.tech\/wp-content\/uploads\/2022\/05\/maze-1024x576.jpg 1024w, https:\/\/justruss.tech\/wp-content\/uploads\/2022\/05\/maze-768x432.jpg 768w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><\/a><\/figure>\n\n<div class=\"wp-block-post-excerpt\"><p class=\"wp-block-post-excerpt__excerpt\">Introduction In the realm of computer forensics, detecting and investigating malicious activities is a paramount challenge. Event Tracing for Windows (ETW) serves as a powerful arsenal for digital investigators, allowing them to log crucial events and unravel suspicious behaviors. 
In this blog, we will explore how to utilize Logman, a command-line tool for managing ETW sessions,&hellip; <\/p><\/div>\n\n<div class=\"wp-block-post-date\"><time datetime=\"2022-05-16T05:39:28+00:00\">May 16, 2022<\/time><\/div>\n<\/li><li class=\"wp-block-post post-38 post type-post status-publish format-standard has-post-thumbnail hentry category-dfir\">\n<h2 class=\"wp-block-post-title\"><a href=\"https:\/\/justruss.tech\/index.php\/2022\/05\/14\/first-blog\/\" target=\"_self\" >ScareCrow: Unveiling the Technical Intricacies of an Elusive Cyber Threat<\/a><\/h2>\n\n<figure class=\"alignwide wp-block-post-featured-image\"><a href=\"https:\/\/justruss.tech\/index.php\/2022\/05\/14\/first-blog\/\" target=\"_self\"  ><img loading=\"lazy\" decoding=\"async\" width=\"288\" height=\"316\" src=\"https:\/\/justruss.tech\/wp-content\/uploads\/2022\/05\/ScareCrow.png\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"ScareCrow: Unveiling the Technical Intricacies of an Elusive Cyber Threat\" style=\"object-fit:cover;\" srcset=\"https:\/\/justruss.tech\/wp-content\/uploads\/2022\/05\/ScareCrow.png 288w, https:\/\/justruss.tech\/wp-content\/uploads\/2022\/05\/ScareCrow-273x300.png 273w\" sizes=\"auto, (max-width: 288px) 100vw, 288px\" \/><\/a><\/figure>\n\n<div class=\"wp-block-post-excerpt\"><p class=\"wp-block-post-excerpt__excerpt\">Introduction In the ever-evolving landscape of cyber threats, adversaries continuously hone their tactics to infiltrate and exploit vulnerable systems. Among these advanced threats lurks &#8220;ScareCrow,&#8221; a stealthy and highly sophisticated malware that targets corporate networks and critical infrastructure. 
Unlike conventional malware, ScareCrow deploys sophisticated evasion techniques, making it a formidable adversary for even the most&hellip; <\/p><\/div>\n\n<div class=\"wp-block-post-date\"><time datetime=\"2022-05-14T02:54:20+00:00\">May 14, 2022<\/time><\/div>\n<\/li><\/ul><\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A place where I just blog about my interests and learning. Currently merging a few blogs into this one location. Please check back in later to view them.<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-2","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/justruss.tech\/index.php\/wp-json\/wp\/v2\/pages\/2","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/justruss.tech\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/justruss.tech\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/justruss.tech\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/justruss.tech\/index.php\/wp-json\/wp\/v2\/comments?post=2"}],"version-history":[{"count":32,"href":"https:\/\/justruss.tech\/index.php\/wp-json\/wp\/v2\/pages\/2\/revisions"}],"predecessor-version":[{"id":157,"href":"https:\/\/justruss.tech\/index.php\/wp-json\/wp\/v2\/pages\/2\/revisions\/157"}],"wp:attachment":[{"href":"https:\/\/justruss.tech\/index.php\/wp-json\/wp\/v2\/media?parent=2"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}