Intelligence-Driven Incident Response, book review.

  Intelligence Driven Incident Response is a great book that provides insight into the evolving field of Defense Intelligence.┬áThis book is about the missing link between your cyber defence operations teams, threat intelligence and intelligence to provide the organisation with full spectrum defensive capabilities. The book is an extensive walk through that will take the…

Detecting Lateral movement through event logs

Japan Cert has recently released a new research paper in wich the show the value of envent logs for the detection of lateral movement. The research papers is outstanding following the quaility of all documentation that the Japan Cert often releases to the public. The research provides and insight into the current tools used by…

A Lustrum of Malware Network Communication: Evolution and Insights

I recently came across this white paper which focuses in the dynamic analysis of network indicators for threat detection. The paper is very easy to read and I found very surprising some of the conclusions obtained from the research. The most revealing one is the fact that months before researchers have access or discovered a…

Cyber Threat hunting with Sqrrl (From Beaconing to Lateral Movement)

This is a review of one of the new generation continuous security monitoring solutions. They have been evolving from a reactive to a proactive approach, today we call them threat hunting platforms. Sqrrl combines outstanding visualization capabilities and strong cyber analytics models to make threat hunting and incident detection a walk in the park. To…

Memory Forensics with Vshot and Remnux (code injection, 4)

With this post we are getting nearly to the end of these series of memory analyis with Vshot and Remnux. In this post we are covering some of the plugins to detect the most targeted and stealthy attacks you can find today out there. More often than in previous years, I am coming across more…

Network Threat Hunting Books

  Here I leave you what are the best books I have ever read for network threat hunting – security monitoring. These books at the time I read them help me to get back on my feet after some long time without firing wireshark and seeing and nice packet capture. I recommend them as they…

The DFIR compendium portal

If you are currently lookinto start a new career or an already established professional you will find valuable information in the following web. http://aboutdfir.com/ It’s a en extensive project that aims at becoming a DFIR compendium of all resources scattered in internet. The portal is very well divided in different sections such as, Education Reading…

Memory Forensics with Vshot and Remnux (1)

This is a series of posts in which I am going to quickly explain some basic theory around memory forensics and how to hunt your attacker once he has been identified inside your network. I am also going to alleviate the burden of extracting information from your endpoint memory dump with the Vshot script which…

Book: Android Malware and Analysis by Ken Dunham.

I needed ┬áto get an intro to Android Malware Analysis and some of the tools you can use for Analysis. This books is very easy to read and provides a good foundation to start doing Android Malware Analysis. It covers current malware landscape until 2014 an existing techniques and tools in static and dynamic analysis….

Hunting down Threat Infrastructure (2, with PassiveTotal)

It’s been a while since I wrote the first post on Threat infrastructure and I believe it will be beneficial for you to first go through it, if you have not done it yet. This will set the context to understand the issues we are trying to solve here. The first post explained how attackers…