True Positive
Mar 19, 2026
Hunting DeerStealer: DLL Sideloading Through Signed Binaries
Unsigned binaries and DLLs appearing in ProgramData subfolders that don't belong to known, installed software indicate DLL sideloading activity.
Found a DeerStealer variant using a Comodo-signed binary sideloading cmdres.dll, with HijackLoader injecting DeerStealer into a hollowed Q-Dir process.
LimaCharlie
T1218.007
T1574.002
T1036.005
T1555.003
T1539