
Cybersecurity Analyst Shares Key Advice on Monitoring API Calls in Windows
Tags: Cybersecurity, Threat Hunting, API Monitoring, Malware Detection
A cybersecurity analyst recently returned from a FOR610 class in London and shared a crucial piece of advice: monitor "strange" API calls within the Windows ecosystem. API calls are not malicious in themselves, but some are routinely misused for purposes other than the one they were designed for. One hunting rule for malicious scripts is to look for occurrences of the ctypes library, which allows Python code to call functions exported by DLLs or shared libraries, and therefore lets a script reach native Windows APIs directly, without a compiled binary.