Today, malware is one of the biggest threats to our organizations and assets. Identifying and hunting this malware is one of the most important issues in the field of security. In this article, we are going to talk about 10 commonly used tools for identifying and analyzing malware. What Is Malware Analysis? Malware analysis refers […]
Today, there are many types of defensive equipment, techniques and tactics, tools, and laws that security organizations and engineers use. All of these are aimed at preventing attacks and threats, but the question always arises: are the techniques and methods we use resistant to the attacks we want to stop, and can they actually prevent them? We […]
In this article, we will introduce 15 widely used Blue Team tools. These tools are among the most important and most commonly used tools in the Blue Team area; they are free and open source, so you can use them without needing to pay. Tool 1 – TheHive […]
Managed Detection and Response (MDR) is one of the security services organizations use to outsource the security of their data and resources. In simpler terms, to protect themselves and their data and to detect and monitor threats within the organization, instead of building a security operations center and hiring and creating a security team/incident response team/threat […]
One of the advanced Persistence techniques in cyber security is the Pre-OS Boot technique. In this article, we will introduce this tactic for maintaining access. MITRE ATT&CK ID: T1542 Sub-techniques: T1542.001, T1542.002, T1542.003, T1542.004, T1542.005 Tactics: Defense Evasion, Persistence Platforms: Linux, Network, Windows, macOS Defense Bypassed: Anti-virus, File monitoring, Host intrusion prevention systems What Is Persistence […]
The Incident Response process is important, and performing it accurately and in a principled way is even more important. Therefore, this process, like other processes in the field of security, has dedicated tools that make Incident Response easier and faster. In this article, we are going to introduce the Incident Response process and introduce 5 of […]
In this article, we are going to talk about the DeepBlueCLI tool for Threat Hunting in Windows via Event Viewer (Event Log). This PowerShell script can analyze various events in the Event Log, including Sysmon, Application, Security, etc. What Is DeepBlueCLI? DeepBlueCLI is a PowerShell-based tool used to detect and hunt threats. This tool is […]
One of the relatively old code execution techniques is the Squiblydoo technique, with which a Code Execution attack can be carried out and malicious code executed. MITRE ATT&CK ID: T1218.010 Sub-technique of: T1218 Tactic: Defense Evasion Platforms: Windows The Squiblydoo technique is also known by other names, including Regsvr32 Code Execution, and […]
In this post I will talk about how to send Sysmon logs to Splunk. One of the most popular security products is Splunk, which is mainly used to identify threats and analyze events. In this part of the Sysmon 101 course, we will talk about how to send Sysmon logs to Splunk. Send Sysmon Log […]
In the third part of the Sysmon 101 training course, we are going to talk about the events that are used in Sysmon to hunt for threats. Part 1: What Is Threat Hunting? Part 2: What Is Sysmon? And How To Install Sysmon Event ID 1: Process Creation Process creation events give us a variety of information about […]