Cyber Threat hunting with Sqrrl (From Beaconing to Lateral Movement)

This is a review of one of the new generation continuous security monitoring solutions. They have been evolving from a reactive to a proactive approach, today we call them threat hunting platforms. Sqrrl combines outstanding visualization capabilities and strong cyber analytics models to make threat hunting and incident detection a walk in the park. To…

Memory Forensics with Vshot and Remnux (code injection, 4)

With this post we are getting nearly to the end of these series of memory analyis with Vshot and Remnux. In this post we are covering some of the plugins to detect the most targeted and stealthy attacks you can find today out there. More often than in previous years, I am coming across more…

Network Threat Hunting Books

  Here I leave you what are the best books I have ever read for network threat hunting – security monitoring. These books at the time I read them help me to get back on my feet after some long time without firing wireshark and seeing and nice packet capture. I recommend them as they…

The DFIR compendium portal

If you are currently lookinto start a new career or an already established professional you will find valuable information in the following web. http://aboutdfir.com/ It’s a en extensive project that aims at becoming a DFIR compendium of all resources scattered in internet. The portal is very well divided in different sections such as, Education Reading…

Exploring incident response procedures with PagerDuty.

I originally retweeted this information in my account, I often do so with information I want to read but I can not read at the time I find it. When I first skimmed through, what caught my attention was the fact that the organization in this case PagerDuty, was disclosing their internal Incident Response processes….

Memory Forensics with Vshot and Remnux (1)

This is a series of posts in which I am going to quickly explain some basic theory around memory forensics and how to hunt your attacker once he has been identified inside your network. I am also going to alleviate the burden of extracting information from your endpoint memory dump with the Vshot script which…

The right ingredients for Threat Hunting

Threat Hunting and training such as GCFA are proving to be beneficial to lower the internal detection and dwell time. Not long ago we were discussing the long time that was taking to do internal detection and average dwell time but this is currently changing. Rob Lee and the SANS Institute in their GCFA update…

Book: Android Malware and Analysis by Ken Dunham.

I needed  to get an intro to Android Malware Analysis and some of the tools you can use for Analysis. This books is very easy to read and provides a good foundation to start doing Android Malware Analysis. It covers current malware landscape until 2014 an existing techniques and tools in static and dynamic analysis….