How to remove a very stealthy virus? [duplicate]
This question already has an answer here:
Help! My home PC has been infected by a virus! What do I do now?
10 answers
I h… Continue reading How to remove a very stealthy virus? [duplicate]
Should an application on Windows that has a DSL (domain specific language, scripting interpreter in this case) pass those scripts to AMSI for scanning, or should we restrict ourselves to more known types such as DLLs, Excel e… Continue reading AMSI scanning for domain specific languages
I would like to hear about some of the tools that people use for hunting malware on a machine. This is not really for analyzing malware but more for detection of malware to see if a machine is infected and if so how to clean … Continue reading What Tools Do People Use For Hunting Malware?
I have to apply machine learning algorithms to detect anomalies in network traffic. My network architecture is composed of a web server (linux), reverse proxy (F5), firewalls (CISCO ASA, Fortigate), the intranet.
My data are … Continue reading What use-cases can be determined, for anomaly-based intrusion detection, for a web and mobile network traffic? [on hold]
Super tired of Facebook locking my account after declaring it’s detected suspicious activity. Don’t want to use it at all, but pretty much have to. 🙁
Have 2FA turned on (Google Auth), so:
1) Not on the real FB. In fact, on … Continue reading Facebook AI constantly "Detects suspicious activity" = locked account
I am interested in knowing in what ways other attribute values of the Apache server log can be used in anomaly detection?
Continue reading Web server log analysis for anomaly detection [on hold]
I am doing research on “Network flow anomaly detection” and use Wireshark for my work. I have a problem identifying the packets with invalid SSL/TLS handshakes. Is there a way/algorithm to detect these invalid SSL/TLS ha… Continue reading Identify SSL invalid handshake using Wireshark
Recently, I made a post about finding suitable dataset for SIEM systems. The goal was to work on classification and correlation.
Thanks to the feedback you guys gave, I decided to use the dataset from the Honeynet Project Ch… Continue reading How to use a dataset (training vs. testing)?
In your organisation’s advanced threat hunting program:
What are your most interesting datasets you hunt on?
What tools are used to hunt those datasets (are they open source? commercial? proprietary?)
We are trying to map… Continue reading Data sources used in advanced threat hunting programs
I am looking for data sets published by researchers or freelancers which can be used for the purpose of SIEM testing and evaluations. The goal is to test the classification (and later correlation) for this system.
Some rese… Continue reading Datasets dedicated for SIEM systems