What does a missing "Account" field mean in Windows event 4769 (A Kerberos service ticket was requested)? [migrated]

I’m working on some detections for Kerberoasting using event 4769 (A Kerberos service ticket was requested) by trying to find users requesting multiple TGS tickets for several services in a short span of time. The user can be found in the …

What Is Extended Detection and Response (XDR)?

Extended detection and response (XDR) is a security solution that delivers end-to-end visibility, detection, investigation and response across multiple security layers. Core components of an XDR architecture include federation of security signals, higher-level behavioral and cross-correlated analytics, and closed-loop and highly automated responses. This creates a truly unified experience supported by a solutions architecture that […]

The post What Is Extended Detection and Response (XDR)? appeared first on Security Intelligence.


Pingback: ICMP Tunneling Malware

By Keith Jones, Anthony Kasza and Ben Reardon, Security Researchers, Corelight Introduction Recently, Trustwave reported on a new malware family which they discovered during a breach investigation. The backdoor, dubbed Pingback, executes on Windows sys…

NetWitness - A Brief History of an Iconic Threat Detection & Response Platform

The history of NetWitness reflects the continuous evolution of threats and bad actors. Begun as a government intelligence research project, NetWitness has earned a reputation as the most powerful detection and forensics platform in the industry.

watch-video.net malware and preventing these types of infections at the network level [closed]

How does a computer get infected with watch-video.net malware, and why aren’t popular tools like Windows Defender or Malwarebytes able to detect and remove it? Is there a practical way to prevent these types of things at the network level?…

Street-based radar system designed to save pedestrian lives

Many cars are now equipped with pedestrian-detecting radar systems, but those systems can still be blocked by obstacles such as buildings or other vehicles. A new setup is intended to get around that problem, by taking the radar to the streets.