What is the SSL Offloading solution, and how does it work? The SSL protocol (this protocol is of course obsolete and has been replaced by TLS, but the name of the SSL Offloading solution has not changed, so we keep the title SSL) is a protocol used to encrypt and decrypt data […]
Today, one of the techniques most widely used by attackers is Fileless Malware. Fileless Malware refers to malware that does not rely on a specific code file or binary on disk to execute; the malicious code belonging to the attacker's malware is not written to disk and executed from there. Fileless Malware can take many […]
Today, there are many types of defensive equipment, techniques and tactics, tools, and laws that security organizations and engineers use. All of these are aimed at preventing attacks and threats, but the question always arises: Are the techniques and methods we use resistant to the attacks we want to prevent, and can they actually prevent them? We […]
In this article, we will introduce 15 widely used Blue Team tools. These tools are among the most important and most commonly used tools in the Blue Team area; they are free and open-source, so you can use them without needing to pay. Tool 1 – TheHive […]
Managed Detection and Response (MDR) is one of the security processes used by organizations that outsource the security of their data and resources. In more straightforward terms, to protect themselves and their data and to detect and monitor threats within the organization, instead of building a security operations center and hiring and creating a security team/incident response team/threat […]
One of the advanced Persistence techniques in cyber security is the PreOS Boot technique. In this article, we will introduce this technique for maintaining access. MITRE ATT&CK ID: T1542 Sub-techniques: T1542.001, T1542.002, T1542.003, T1542.004, T1542.005 Tactics: Defense Evasion, Persistence Platforms: Linux, Network, Windows, macOS Defense Bypassed: Anti-virus, File monitoring, Host intrusion prevention systems What Is Persistence […]
The Incident Response process is important, and performing it accurately and according to principle is even more important. Therefore, this process, like other processes in the field of security, has dedicated tools that make Incident Response easier and faster. In this article, we are going to introduce the Incident Response process and introduce 5 of […]
In this article, we are going to talk about the DeepBlueCli tool for Threat Hunting in Windows via Event Viewer (Event Log). This PowerShell script can analyze various events in the Event Log, including Sysmon, Application, Security, etc. What Is DeepBlueCli? DeepBlueCli is a PowerShell-based tool used to detect threats. This tool is […]
One of the relatively old techniques for executing code, or Code Execution, is the Squiblydoo technique, with which we can run a Code Execution attack and execute our malicious code. MITRE ATT&CK ID: T1218.010 Sub-technique of: T1218 Tactic: Defense Evasion Platforms: Windows The Squiblydoo technique is also known by other names, including Regsvr32 Code Execution, and […]
In this post I will talk about how to send Sysmon logs to Splunk. One of the most popular security products is Splunk, which is mainly used to identify threats and analyze events. In this part of the Sysmon 101 course, we will talk about how to send Sysmon logs to Splunk. Send Sysmon Log […]