Collaborate Disseminate
A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported (and some legacy) versions of Windows could spell trouble for enterprise defenders. Discovered by a security researcher named Florian and reported… Continue reading A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs
I had a tab randomly open up that was for adware. Luckily, it was caught by my ad blocker, but I would like to figure out what triggered it to open.
I tried checking its history state through console, but I found nothing interesting. I t… Continue reading Does chromium keep logs of the events leading up to opening a new tab? [migrated]
I am wondering some issues about event log safety of powershell. I think is it possible to alter the powershell itself. But theorically the event log should show us every attempt made in powershell such as opening commands or codes that ma… Continue reading Can already opened event logs of PowerShell’s event properties screens on Windows be hacked by hackers in milliseconds?
I am wondering some issues about event log safety of powershell. I think is it possible to alter the powershell itself. But theorically the event log should show us every attempt made in powershell such as opening commands or codes that ma… Continue reading Can already opened event logs of PowerShell’s event properties screens on Windows be hacked by hackers in milliseconds?
CISA launched a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s Natio… Continue reading Logging Made Easy: Free log management solution from CISA
I have a default KQL below which is used to detect when Cisco ISE failed backup, it fires an alert in Sentinel.
But it is not working as expected – it does fire an alert, but returning a timestamp only.
Nonetheless, I can see it is also su… Continue reading Configured KQL not working properly – CiscoISE event 60095 and 60098
I’m currently designing an API endpoint to validate a customer, and they can either pass in their postcode or their last name, as well as their customer ID (plus some other irrelevant data).
I’ve heard that including PII or sensitive data … Continue reading Is it a security issue to include postcode and/or last name in a GET request query string?
Starting in September 2023, more federal government and commercial Microsoft customers will have access to expanded cloud logging capabilities at no additional charge, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) have annou… Continue reading Thanks Storm-0558! Microsoft to expand default access to cloud logs
Is it possible to determine whether someone has hijacked a RDP session with tscon?
I tried to look into TerminalService-LocalSessionManager logs, the EventID 25 looks much like it, but a normal reconnect would create the same log entry.
An… Continue reading Detect tscon execution from event logs
Is it possible to determine whether someone has hijacked a RDP session with tscon?
I tried to look into TerminalService-LocalSessionManager logs, the EventID 25 looks much like it, but a normal reconnect would create the same log entry.
An… Continue reading Detect tscon execution from event logs