What Are HTTP GET/POST Flood Attacks?

Hunt Threats Better: What Are HTTP GET/POST Flood Attacks?

Learn the main differences between HTTP GET and POST flood attacks and mitigation strategies for both. Request Components (1). Methods: Required: GET, POST. Optional: OPTIONS, HEAD, PUT, DELETE, TRACE, CONNECT. WebDAV: PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK. Request string (AKA URI): can include parameters on a GET request, e.g. /index.php?choice=foo&choice2=bar. You might already be familiar…

svchost.exe - The Most Important Windows Processes For Threat Hunting

svchost.exe: One Of The Most Important Windows Processes For Threat Hunting

“svchost.exe” (Service Host) is a system process in the Windows OS responsible for hosting and managing Windows services that run from dynamic-link libraries (.dll files). This process cannot be started or ended manually. “svchost” hosts a number of services to lower resource consumption and protect computing resources. If all the services ran under one process, in case…

"lsm.exe" Windows process

Lsm.exe: One Of The Most Important Windows Processes For Threat Hunting

“lsm.exe” is the Local Session Manager Service in the Windows OS. This process handles all the connections related to the terminal server on the hosted machine. “lsm.exe” is a core Windows process. In this new series, we analyze Windows processes and provide threat hunting tips.
Image Path: %SystemRoot%\System32\lsm.exe
Parent Process: wininit.exe
Number of Instances: One
User…

services.exe Windows process threat hunting tips

services.exe: One Of The Most Important Windows Processes For Threat Hunting

“services.exe” launches the Services Control Manager, which is primarily responsible for handling system services, including starting and ending services and interacting with services. Services are defined in HKLM\SYSTEM\CurrentControlSet\Services. In this new series, we analyze Windows processes and provide threat hunting tips. “services.exe” is the parent process of svchost.exe, dllhost.exe, taskhost.exe, spoolsv.exe, etc. This process interacts with…