[SANS ISC] Top-100 Malicious IP STIX Feed

I published the following diary on isc.sans.org: “Top-100 Malicious IP STIX Feed“. Yesterday, we were contacted by one of our readers who asked if we provide a STIX feed of our blocked list or top-100 suspicious IP addresses. STIX means “Structured Threat Information eXpression” and enables organizations to share indicator

[The post [SANS ISC] Top-100 Malicious IP STIX Feed was first published on /dev/random]

Superior Integrity Monitoring: Getting Beyond Checkbox FIM

If File Integrity Monitoring (FIM) were easy, everyone would be doing it. Actually, it is pretty easy. It’s not exactly rocket science. Practically anyone with a modicum of Python, Perl or development skills can write an app or a script to gather the c…

Kaspersky Security Bulletin: Threat Predictions for 2018

Looking back at a year like 2017 brings the internal conflict of being a security researcher into full view: on the one hand, each new event is an exciting new research avenue for us, as what were once theoretical problems find palpable expression in reality. On the other hand, as people with a heightened concern for the security posture of users at large, each event is a bigger catastrophe.

Splunk Custom Search Command: Searching for MISP IOC’s

When you use a tool every day, you gain more and more knowledge about it, but you also get plenty of ideas to improve it. I’m using Splunk on a daily basis within many customers’ environments as well as for personal purposes. When you have a big database of events,

[The post Splunk Custom Search Command: Searching for MISP IOC’s was first published on /dev/random]

How to build profiles based on suspicious processes behavior to be used in sandbox? [on hold]

As part of a project, I need to build/configure profiles based on suspicious processes behavior to which matching can be done within a sandbox, when files are being executed. The directive is to work with the IoC – Indicators…