Network Threat Hunting Books

  Here I leave you what are the best books I have ever read for network threat hunting – security monitoring. These books at the time I read them help me to get back on my feet after some long time without firing wireshark and seeing and nice packet capture. I recommend them as they…

Bypassing Perimeter Security and Malware Evasion (3)

This will be the final post in which I am presenting one of the many infection and evasion techniques used by criminals today. In this article which I hope is shorter than the previous ones, https://samuelalonsog.wordpress.com/2015/08/14/bypassing-perimeter-security-and-malware-evasion-1/ and https://samuelalonsog.wordpress.com/2015/08/24/bypassing-perimeter-security-and-malware-evasion-2/ I presume you are currently competent with pcap analysis and Wireshark as the main aim of this…

Bypassing Perimeter Security and Malware Evasion (2)

This post is a continuation of Bypassing Perimeter Security and Malware Evasion (1) As discussed before the best way to understand how drived by downloads technique work to bypass modern cyberdefenses is with a network traffic analysis exercise. The get a full understanding of the technique we will have to look for answers to some…

Bypassing Perimeter Security and Malware Evasion (1)

I could have titled this article in many ways such as perimeter disintegration, endpoint security visibility still a problem or even exploit kit. The reality is that all of them are part of a bigger problem and it is how criminals are bypassing the security perimeter and getting inside the networks where organization´s most precious…

Reporting to management / evidence reconstruction and hypothesis

In this article I am covering the main points proved in the previous article, Network Forensics – Traffic Analysis (2) In order to report to management we will need to create a timeline that can be checked and that is supported by the evidence extracted from the pcap file. I am starting by a timeline…

Network Forensics – Traffic Analysis (2)

This post is a continuation of the previos post Network Forensics – Traffic Analysis (1). Scenario, Ann skips bail After being released on bail, Ann Dercover disappears! Fortunately, investigators were carefully monitoring her network activity before she skipped town. “We believe Ann may have communicated with her secret lover, Mr. X, before she left,” says…