Today, malware is one of the biggest threats to our organizations and assets. Identifying and hunting this malware is one of the most important issues in the field of security. In this article, we are going to talk about 10 commonly used tools for identifying and analyzing malware. What Is Malware Analysis? Malware analysis refers […]
SIGMA format is one of the common languages of security systems such as EDR and SIEM. According to this format, we can create rules to identify threats. Note that SOC engineers are constantly dealing with security equipment, including SIEM. SIEMs have different languages, each of which follows a specific format. For example, to detect the […]
Today, one of the attackers’ most widely used techniques is Fileless Malware. Fileless Malware refers to malware that does not rely on a specific code file or binary written to disk in order to execute; the attacker’s malicious code does not run from content stored on the disk. Fileless Malware can take many […]
Today, there are many types of defensive equipment, techniques, tactics, tools, and rules that security organizations and engineers use. All of these are ultimately aimed at preventing attacks and threats, but the question always arises: are the techniques and methods we use resistant to the attacks we want to prevent, and can they actually prevent them? We […]
In this article, we will introduce 15 widely used Blue Team tools. These tools are among the most important and most commonly used tools in the Blue Team area; they are free and open-source, so you can use them without needing to pay. Tool 1 – TheHive […]
Managed Detection and Response (MDR) is one of the security services used by organizations that outsource the security of their data and resources. In simpler terms, to protect themselves and their data and to detect and monitor threats within the organization, instead of building a security operations center and hiring and creating a security team/incident response team/threat […]
The Incident Response process is important, and performing it accurately and in a principled way is even more important. Therefore, this process, like other processes in the field of security, has specialized tools that make Incident Response easier and faster. In this article, we are going to introduce the Incident Response process and introduce 5 of […]
In this article, we are going to talk about the DeepBlueCli tool for Threat Hunting in Windows via Event Viewer (Event Log). This PowerShell script can analyze various events in the Event Log, including Sysmon, Application, Security, etc. What Is DeepBlueCli? DeepBlueCli is a PowerShell-based tool used to detect threats. This tool is […]
In this post I will talk about how to send Sysmon logs to Splunk. One of the most popular security products is Splunk, which is mainly used to identify threats and analyze events. In this part of the Sysmon 101 course, we will talk about how to send Sysmon logs to Splunk. Send Sysmon Log […]
In the third part of the Sysmon 101 training course, we are going to talk about the events that are used in Sysmon to hunt for threats. Part 1: What Is Threat Hunting? Part 2: What Is Sysmon? And How To Install Sysmon. Event ID 1: Process Creation. Process creation events give us a variety of information about […]