In this article, we are going to talk about the DeepBlueCli tool for threat hunting in Windows via Event Viewer (the Windows Event Log). This PowerShell script can analyze various events in the Event Log, including the Sysmon, Application and Security logs. What Is DeepBlueCli? DeepBlueCli is a PowerShell-based tool used to detect threats. This tool is […]
One of the relatively old techniques for code execution is the Squiblydoo technique, with which an attacker can execute malicious code. MITRE ATT&CK ID: T1218.010. Sub-technique of: T1218. Tactic: Defense Evasion. Platforms: Windows. The Squiblydoo technique is also known by other names, including Regsvr32 Code Execution, and […]
In this post I will talk about how to send Sysmon logs to Splunk. One of the most popular security products is Splunk, which is mainly used to identify threats and analyze events. In this part of the Sysmon 101 course, we will talk about how to send Sysmon logs to Splunk. Send Sysmon Log […]
In the third part of the Sysmon 101 training course, we are going to talk about the events that are used in Sysmon to hunt for threats. Part 1: What Is Threat Hunting? Part 2: What Is Sysmon? And How To Install Sysmon. Event ID 1: Process Creation. Process creation events give us a variety of information about […]
The Sysmon tool is part of the Sysinternals software suite provided by Microsoft. Sysmon allows us to analyze and monitor Windows system events and logs. Through Sysmon, we can analyze and investigate system events and use them to identify threats and respond to incidents. This software has become one of the most […]
In the Sysmon 101 course, we teach the Sysmon tool from basic to advanced, and this is the first part of the Sysmon 101 training course. In this part, we are going to talk about threat hunting. What Is Threat Hunting? The concept of threat hunting refers to the process by which we seek to detect […]
In 2015, Cisco bought OpenDNS and took a big step into cloud security, offering a Software as a Service (SaaS) product that provides security at the DNS protocol level. What Is the OpenDNS Platform? Introduced in 2006 to improve and enhance user security using the DNS protocol, it gradually began developing and creating a product […]
In this post, we want to talk about Azure Sentinel. With this product we can collect, monitor, and investigate data from many sources such as cloud, endpoint, and network devices. Azure Sentinel is known as one of the cloud security information and event management (SIEM) platforms, and it was built directly on Microsoft Azure, […]