Cyber Threat hunting with Sqrrl (From Beaconing to Lateral Movement)

This is a review of one of the new generation continuous security monitoring solutions. They have been evolving from a reactive to a proactive approach, today we call them threat hunting platforms. Sqrrl combines outstanding visualization capabilities and strong cyber analytics models to make threat hunting and incident detection a walk in the park. To…

Memory Forensics with Vshot and Remnux (code injection, 4)

With this post we are getting nearly to the end of these series of memory analyis with Vshot and Remnux. In this post we are covering some of the plugins to detect the most targeted and stealthy attacks you can find today out there. More often than in previous years, I am coming across more…

The right ingredients for Threat Hunting

Threat Hunting and training such as GCFA are proving to be beneficial to lower the internal detection and dwell time. Not long ago we were discussing the long time that was taking to do internal detection and average dwell time but this is currently changing. Rob Lee and the SANS Institute in their GCFA update…

Hunting down Threat Infrastructure (2, with PassiveTotal)

It’s been a while since I wrote the first post on Threat infrastructure and I believe it will be beneficial for you to first go through it, if you have not done it yet. This will set the context to understand the issues we are trying to solve here. The first post explained how attackers…

The top 10 windows logs event’s used to catch hackers

Very interesting presentation by Michael Gough from SecureWorks. It goes through some malware attack examples and the importance of the windows event id’s for their detection. Another must read. The top 10 windows logs event id's used v1.0 from Michael Gough

Hunting down Threat Infrastructure (1)

In this two article series, I am going to explain how to spot anomalous activity in proxies and DNS queries coming out of your network. Additionally, I am also explaining how to recognize suspicious threat infrastructure, what elements you need to pay attention to, how this infrastructure behaves, what are the challenges for the defender and…

The ultimate targeted attack: Malvertisements

I am very surprised to see the title of this video, it should have included malvertising in it however if someone would have asked me about malvertising I would have undoubtedly answered ‘Elias Manousos’. Him and RiskIQ are today the pioneers in the field of external threat surface. The number of views demonstrate how low…