Hancitor. Evasive new waves, and how COM objects can use Cached Credentials for Proxy Authentication.

While analyzing a new wave of Hancitor, I have determined that they have combined a variety of techniques together which greatly increases the effectiveness of the campaign. According to my research, they have leveraged an effective combination of Living off the Land Techniques in order to evade detection. WMI for indirect command execution and COM… Continue reading Hancitor. Evasive new waves, and how COM objects can use Cached Credentials for Proxy Authentication.