Example of Spear Phishing Attack in detail

The McAfee blog published an article describing in detail what a current spear phishing attack (T1566) looks like:

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-defenders-blog-operation-north-star-campaign/
(Picture from McAfee Blog)

More details about this attack can be found in the McAfee blog article.

Windows file or folder in use - can't be deleted or modified

When trying to delete files or folders, clean up malware, or just modify something on your Windows system, Windows won't let you because the file is open in another program:

Folder In Use / File In Use
The action can't be completed because the folder or a file in it is open in another program
Close the folder or file and try again

How to find the program which is using the file?

1. Download Microsoft's Sysinternals tool "Process Explorer":

2. Open procexp.exe with admin rights
3. Use the magnifying glass or press CTRL + F
4. Search for the file or folder name (a part of it will do)

5. Double-click the found process, or use the process ID (PID) to locate the process
To show the handles opened by a process, either go to View\Lower Pane View\Handles or press CTRL+D
6. You can now close the process or close the handle. However, closing a handle might crash the application or cause system instability, as Process Explorer itself warns you.
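The same lookup can be scripted for incident cleanup with the Sysinternals command-line tool handle.exe, the CLI counterpart of Process Explorer's CTRL+F search. This is an added example, not code from the original post; the handle.exe install path and the one-line-per-handle output format the regex parses are assumptions.

```powershell
# Added example (not from the original post). Finds which process holds a handle
# to a file or folder via Sysinternals handle.exe. The install path and the
# output line format matched below are assumptions; adjust for your environment.
function Find-FileHandle {
    param(
        [Parameter(Mandatory)][string]$NamePart,                  # part of the file/folder name
        [string]$HandleExe = 'C:\Tools\Sysinternals\handle.exe'   # assumed install path
    )
    if (-not (Test-Path $HandleExe)) { throw "handle.exe not found at $HandleExe" }

    # -accepteula suppresses the EULA dialog, -nobanner drops the header lines
    $raw = & $HandleExe -accepteula -nobanner $NamePart 2>&1

    # Assumed line shape: "<image> pid: <pid> type: <type> <hex>: <path>"
    $pattern = '^(?<proc>\S.*?)\s+pid:\s+(?<pid>\d+)\s+type:\s+(?<type>\S+)\s+(?<handle>[0-9A-F]+):\s+(?<name>.+)$'
    foreach ($line in $raw) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Process = $Matches.proc
                PID     = [int]$Matches.pid
                Type    = $Matches.type
                Handle  = $Matches.handle
                Name    = $Matches.name
            }
        }
    }
}

# Usage: list the owning processes of a (constructed) sample file name.
$owners = Find-FileHandle -NamePart 'suspicious.dll'
$owners | Format-Table Process, PID, Type, Name -AutoSize

# Stopping the whole process is the predictable option; review the list first.
# $owners | Select-Object -ExpandProperty PID -Unique | ForEach-Object { Stop-Process -Id $_ -Confirm }
# Force-closing a single handle (handle.exe -c <Handle> -p <PID> -y) can crash the
# application or destabilise the system, as noted above, so it is deliberately not automated.
```

Run the script from an elevated prompt, since handle.exe needs administrative rights to enumerate handles of other users' processes.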

Filter logs in Splunk - example filtering monitor probe checks

When running Splunk you will want to filter logs, for example to get rid of the many health check probe queries from your monitoring system. Examp...