New Hunting Query: BadUSB HID Injection via certutil LOLBIN Detected Through explorer.exe Parent Signal

A new hunting query surfaces BadUSB payloads that abuse certutil.exe or cmd.exe via the WIN+R Run dialog by keying on explorer.exe as the initiating process – a signal absent from existing generic certutil LOLBin detections. Read More →