Mathias Fuchs alias CyberFox blogging about DFIR and Cyber Security.

Pitfalls of Process Monitoring

Many security products monitor process trees very carefully to detect when, for instance, Office applications spawn PowerShell, cmd or other suspicious subprocesses. But is that enough? Many organisations are still unable to deactivate macros in Office documents, as macros remain widely used. Hence they introduce compensating controls to detect […]