Category: APT

The top 10 windows logs event’s used to catch hackers

Very interesting presentation by Michael Gough from SecureWorks. It goes through some malware attack examples and the importance of the windows event id’s for their detection. Another must read. The top 10 windows logs event id's used v1.0 from Michael Gough

Intrusion Detection with Windows Event ID’s

This paper is the best I have ever read on how to build IOC’s with Windows Event ID’s. I highly recommend you to read it, it contains very useful information and some very interesting behavioural examples of attacker activity. If you are looking to enhance your detection in your core network this is the document! http://tinyurl.com/zpggnfq

Hunting down Threat Infrastructure (1)

In this two article series, I am going to explain how to spot anomalous activity in proxies and DNS queries coming out of your network. Additionally, I am also explaining how to recognize suspicious threat infrastructure, what elements you need to pay attention to, how this infrastructure behaves, what are the challenges for the defender and…

Read More

Security Monitoring and attack detection planning guide

Today, I had some time to read the “The security Monitoring and Attack Detection Planning Guide” by Microsoft. I have read different documents in the last couple of months aimed at security monitoring in the Microsoft endpoint however this document it is completely up to date and can help organizations to understand the requirements they…

Read More

Cyber Threat Hunting (2): Getting Ready

In my previous post I went through the basics of hunting and its benefits for the organization and for analysts. To continue the journey, today I am going to cover the preparations you need to do before you go out there and hunt. We are covering preparations and locations to hunt. As you need some…

Read More

Cyber Threat Hunting (1): Intro

After some long months debating whether to write a white paper, and what potential topics I could write about – I just decided that I do not have enough time to go through the process of writing a research paper for the next 6 to 12 months. Instead, I am taking some of my research and current…

Read More

December webinars

I leave you here some interesting webinars for those looking to get some CPE credits. I am currently researching the role of the use of privileges accounts in the attack lifecycle and some of these webinars focus on the subject. The Most Travelled Attack Path: Securing the Privileged Pathway Stopping Attacks Before They Stop Business…

Read More

Active Cyber Defense Tactics

Active cyber defense (ACD) is the concept of proactively opposing an attack in computers and networks. There are a series of tactics that can be applied in order to mitigate risk or detect adversaries inside the network. Active Hunting Security operations team focuses on reactive detection mainly based on signatures. In this scenario advanced attackers…

Read More

Advance Hunting and Content Development with RSA Analytics

Looking to extend my knowledge on Security Analytics from RSA I came across this video. It explains very well some of the capabilities SA from RSA provides, also some good practices to follow such as involved defenders in content development. It is a long video but easy to watch.