Eyezuhk

A collection of my cybersecurity thoughts and personal opinions covering a variety of topics.

Detection CVE-2024-35250

Detects when cmd.exe with system privileges is executed after a process loads 'ksproxy.ax' and 'ksuser.dll', indicating potential exploitation of CVE-2024-35250.

7 min read · 2024

Step-by-step Apache Guacamole Installation.

Guacamole Instalation

7 min read · 2024

Detection CVE-2024-35250

Detects when cmd.exe with system privileges is executed after a process loads 'ksproxy.ax' and 'ksuser.dll', indicating potential exploitation of CVE-2024-35250.

7 min read · December 19, 2024

2024 · SIEM SIGMA · Detection-Engineering
APTs or UAPs?

How Anomalous Phenomena Are Similar to Cyber Threats.

3 min read · December 12, 2024

2024 · SIEM · CyberSecurity
Step-by-step Apache Guacamole Installation.

Guacamole Instalation

7 min read · November 14, 2024

2024 · Guacamole · How-To
Script for enabling Windows Audit and Sysmon.

Windows audit and Sysmon

10 min read · November 11, 2024

2024 · Windows-Audit Sysmon SIEM · Scripts
FnStegoCrypt - Encrypted Data in Images

A program that encrypts data using AES-GCM and embeds it into images with LSB.

4 min read · June 25, 2024

2024 · FnStegoCrypt · Tools
Exposing Local Applications with FNLocalCloud.

An agent-server based program to expose local network services on the internet, bypassing CGNAT.

2 min read · April 12, 2024

2024 · FNLocalCloud · Tools
FIRST Fortaleza 2023.

FIRST (Forum of Incident Response and Security Teams)

3 min read · October 05, 2023

2023 · First · Events
CyberDefenders Qradar101 Write up.

Ctf Writeup

15 min read · February 16, 2022

2022 · Qradar Cyberdefenders SIEM · Threat-Hunting