Intrusion Detection with Windows Event IDs

This paper is the best I have ever read on how to build IOCs from Windows Event IDs. I highly recommend that you read it; it contains very useful information and some very interesting behavioural examples of attacker activity. If you are looking to enhance detection in your core network, this is the document: http://tinyurl.com/zpggnfq

The Project Sauron APT

Key takeaways:
- DNS remains an important protocol for exfiltration.
- Process injection and in-memory persistence, leaving no file trace on disk.
- Living-off-the-land techniques used to move laterally.
- They thwarted attribution by never using the same threat infrastructure twice.
https://securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf

Battlefield Digital Forensics

During a quick break this weekend I had the chance to read this new paper developed by NATO to explain to, and train, special forces in the art of digital intelligence and evidence collection. It is clear from this publication how rapidly the world around us is transforming; special forces from now on will be trained …

Malware Intelligence (white paper)

Reading through the news some days ago I found an interesting white paper on malware intelligence and public sandboxes on the Internet such as VirusTotal, Malwr, ThreatTrack and some others. In the past, I wondered whether someone in these organizations was looking at the millions of submissions that happen every day, with the aim to …

Asymmetric Cyber Warfare (White Paper)

Digging into the concept of asymmetric cyber warfare and looking for current examples, I came across the following white papers, which explain and describe the asymmetric warfare concept. One of the most widely discussed cases of asymmetric cyber warfare known to date, the Jester case, is also covered.
https://ccdcoe.org/sites/default/files/multimedia/pdf/3_2_LilesDietzRogersLarson_ApplyingTraditionalMilitaryPrinciplesToCyberWarfare.pdf
https://www.sans.org/reading-room/whitepapers/attacking/jester-dynamic-lesson-asymmetric-unmanaged-cyber-warfare-33889