The evil side of DNS

Detection on this phase of the kill chain is not extremely complex, however from a business perspective it is critical for the organization to find this activity. An attacker who has progressed his attack to the C&C phase may be a dangerous and impactful threat for the business. Whether your organization is part of botnet…

Threat hunting quick fix

Are you currently threat hunting and not finding much? I do not support this threat hunting modality however it is true that I use it when I do not have the time to go on a hunting trip and keep focused. This is not a silver bullet but it is true that it can help…

Cyber Threat Hunting (3): Hunting in the perimeter

In this third post we are going to see what we need to look at when hunting and detecting adversaries in the perimeter. We are also going to look at some of the firewall technologies and their log formats in order to detect anomalies in the inbound and outbound traffic in your network.    …

Security Monitoring and attack detection planning guide

Today, I had some time to read the “The security Monitoring and Attack Detection Planning Guide” by Microsoft. I have read different documents in the last couple of months aimed at security monitoring in the Microsoft endpoint however this document it is completely up to date and can help organizations to understand the requirements they…

Cyber Threat Hunting (1): Intro

After some long months debating whether to write a white paper, and what potential topics I could write about – I just decided that I do not have enough time to go through the process of writing a research paper for the next 6 to 12 months. Instead, I am taking some of my research and current…

Active Cyber Defense Tactics

Active cyber defense (ACD) is the concept of proactively opposing an attack in computers and networks. There are a series of tactics that can be applied in order to mitigate risk or detect adversaries inside the network. Active Hunting Security operations team focuses on reactive detection mainly based on signatures. In this scenario advanced attackers…

Advance Hunting and Content Development with RSA Analytics

Looking to extend my knowledge on Security Analytics from RSA I came across this video. It explains very well some of the capabilities SA from RSA provides, also some good practices to follow such as involved defenders in content development. It is a long video but easy to watch.

Android Malware Analysis (white papers)

Are you currently interested or doing android malware analysis? then these white papers are a must read for you. These white papers will not discuss current tools and techniques but the current attack vectors for Android apps and therefore what you need to look for when analysing your apk’s. Dissecting Android Malware: Characterization and Evolution…

Incident analysis methodologies

In the past I researched for analysis methodologies in order to ascertain if the incidents flagged up by the security systems were true positives however  I could not find much about it. I was looking for a set of processes or steps that I could repeat over time and that lead me to a conclusion…