Collaborate Disseminate
I’m interested in security and redteaming in particular, and as I’m learning about the subject I’m trying to find out what kind of things a blue team EDR/XDR solution will look for as part of its behavioral analysis/zero day detection/inse… Continue reading Understanding XDR Detection Methods
How do cyber pros prioritize their security efforts? A good place to start is knowing exactly what tactics, techniques and procedures (TTP) threat actors use. In a recently published report, aggregated data was used to identify the most common attack techniques as defined by the MITRE ATT&CK framework. The study revealed that PowerShell Command & […]
The post All About PowerShell Attacks: The No. 1 ATT&CK Technique appeared first on Security Intelligence.
Continue reading All About PowerShell Attacks: The No. 1 ATT&CK Technique
As I understand, user behaviour analytics (UBA) makes use of statistical analysis of user behaviour to identify abnormal behaviour that may be indicative of a cyber attack.
Security information and event management (SIEM) technology analys… Continue reading Does SIEM incorporate UBA? [closed]
We have a content-heavy website that allows users to register there. We also send OTP to users while they register to verify the mobile number.
We also have WAF rules set in place to detect unusual traffic plus a dedicated bot manager(with… Continue reading Bot detection for custom application metrics [closed]
We have a content-heavy website that allows users to register there. We also send OTP to users while they register to verify the mobile number.
We also have WAF rules set in place to detect unusual traffic plus a dedicated bot manager(with… Continue reading Bot detection for custom application metrics [closed]
I’m researching log-analysis using webserver/HTTP logs, so I created the pipeline for this use case (Anomaly detection). Let’s say I have number/counts of logged records/events for each username.
The problem is I’m not sure what is the be… Continue reading Defining user anomalies by analysing web server interaction counts [closed]
Adam always reads his e-mails on Sundays around 5 pm. This Saturday,
at 11 am, he accessed his inbox. Which will generate a false positive?
Source slide 10/41
Misuse-based IDS or anomaly-based IDS? IMO the answer should be anomaly-based … Continue reading Misuse vs anomaly detection alerts
Anomaly detection, the “identification of rare occurrences, items, or events of concern due to their differing characteristics from the majority of the processed data,” allows organizations to track “security errors, structural defects and even bank fr… Continue reading What is Anomaly Detection in Cybersecurity?
We are building a packet based anomaly detection system and I’m trying to find labeled packets.
Such dataset doesn’t exist based on my search, but I can find labeled flows.
Can we say that every packet is hostile which is part of a flow th… Continue reading Is every packet of a hostile network flow hostile?
While perimeter defenses like firewalls and antivirus software remain essential elements of comprehensive network defense, stopping 100% of attacks at the perimeter is an impossibility with today’s ever-evolving attack surface. Eventually, an attacker… Continue reading 3 Keys to Defending Active Directory