<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>T1027 on sentinelchangelog.net</title><link>http://sentinelchangelog.net/tags/t1027/</link><description>Recent content in T1027 on sentinelchangelog.net</description><generator>Hugo -- 0.157.0</generator><language>en</language><lastBuildDate>Fri, 03 Jul 2026 07:48:54 +0000</lastBuildDate><atom:link href="http://sentinelchangelog.net/tags/t1027/index.xml" rel="self" type="application/rss+xml"/><item><title>New Hunting Query: BadUSB HID Injection via certutil LOLBIN Detected Through explorer.exe Parent Signal</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14600/</link><pubDate>Fri, 03 Jul 2026 07:48:54 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14600/</guid><description>A new hunting query surfaces BadUSB payloads that abuse certutil.exe or cmd.exe via the WIN+R Run dialog by keying on explorer.exe as the initiating process &amp;ndash; a signal absent from existing generic certutil LOLBin detections.</description></item></channel></rss>