https://garrettoh.dev/ Recent content on Garrettoh's Research / Blog Hugo en-us Mon, 20 Apr 2026 00:00:00 +0000 https://garrettoh.dev/posts/fingerclickfix/dfir-week-1/ Mon, 20 Apr 2026 00:00:00 +0000 https://garrettoh.dev/posts/fingerclickfix/dfir-week-1/ <p>Threat actors are increasingly abandoning custom malware for simple, built in native binaries. This strategy is known as Living off the land (LotL). It turns tools that are used for legitimate administrative purposes against the machine making it hard to detect.</p> <p>Recently when remediating an incident within an organization we observed the textbook example of this attack chain. The attack used a clever social engineering tactic known as ClickFix with legacy windows protocols to establish persistence, and deploy rogue RMM software on the environment.</p> https://garrettoh.dev/about/ Sun, 19 Apr 2026 00:00:00 +0000 https://garrettoh.dev/about/ <h2 id="whoami">whoami</h2> <p>I am Garrett a security researcher with a heavy focus on RE, Malware Development, Cybersecurity engineering, and DFIR.</p> <p>This year I will be competing in the NSA CBC and I hope to beat every single challenge Follow me on my journey!</p> <hr> <p>As of right now the blog is relatively straight forward but I just got the domain a couple of days ago so I&rsquo;m looking to flesh it out :) stay along for the adventure :D.</p>