Forced authentication is a technique where threat actors can gather credentials by forcing a user to automatically provide authentication data and intercept responses. …
It’s critical that cybersecurity analysts have verbose endpoint visibility to detect and respond to attacks. System Monitor (Sysmon) is a utility provided by Microsoft to capture detailed process, network, and file change events, which can be used to detect endpoint staged attacks.
System Monitor (Sysmon) is a Windows system service…
Tor is open-source software that provides anonymity and privacy on the Internet.
Tor is a software suite and network that provides increased anonymity on the Internet. It creates a multi-hop proxy network and utilizes multilayer encryption to protect both the message and routing information. [1]
While Tor provides a valuable…
In the story Web Shells. An Introduction and Detection Strategies with YARA Hands-On Labs the process of moving files via rsync, installing YARA, and creating a signature for the weevely web shell was covered. Additionally, the story Web Shells. …
An overview of a web shell with a hands-on lab was covered in the post Web Shells. An Introduction and Detection Strategies with YARA Hands-On Labs. The following post will expand on this initial lab to provide additional detection strategies using Splunk as a security information and event management (SIEM)…
Visibility into unique organizational machine data is a core capability for cybersecurity teams and provides the foundation to building incident detection capabilities. …
YARA is a powerful analysis tool that can be integrated into organizational cybersecurity processes to improve malware detection and prevention capabilities.
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. [1]
Using an adversary model like MITRE ATT&CK, cybersecurity leaders…
Cost Justification. The Tough Questions.
As a cybersecurity leader, have you been asked the following questions:
- Why are we spending this amount on a technology?
- What value does this provide to the business?
- Are other business units using this technology?
Was it a challenge to answer these questions? If so, building a data source cost…
