MythBusters: What pentesting is (and what it is not)

You’ve probably seen the term pentesting pop up in security research and articles, but do you know what it really means? Simply put, penetration testing is a security assessment, analysis and a progression of simulated attacks on an application or netw…

CrowdStrike + Corelight partner to reach new heights

By Lana Knop, Chief Product Officer, Corelight Through our newly announced partnership with CrowdStrike, Corelight customers will be able to incorporate CrowdStrike’s best-in-class threat intelligence into Corelight Sensors to generate actionable alert…

What Is SIEM and How Does it Work? The Past, Present and Future

Security information and event management (SIEM) solutions provide organizations centralized visibility into their IT and even sometimes OT environments. At a high level, a SIEM turns data into actionable insights by: Ingesting a vast amount of event data from across the enterprise, including on-premise and cloud-based environments; Applying real-time analytics to aggregate related security events […]

The post What Is SIEM and How Does it Work? The Past, Present and Future appeared first on Security Intelligence.

How AI in Cybersecurity Addresses Challenges Faced by Today’s SOC Analysts

Today’s security operations centers (SOC) have to manage data, tools and teams dispersed across the organization, making threat detection and teamwork difficult. There are many factors driving complex security work. Many people now work from home with coworkers in far-away places. The cost and maintenance of legacy tools and the migration to cloud also make […]

The post How AI in Cybersecurity Addresses Challenges Faced by Today’s SOC Analysts appeared first on Security Intelligence.

Combating Sleeper Threats With MTTD

During the SolarWinds Orion supply chain compromise, threat actors lurked in the victim’s network for more than a year. Discovered by FireEye in December 2020, the earliest traces of a modified SolarWinds Orion go back as early as October 2019. Although these early versions did not contain the malicious backdoor (this was added in March […]

The post Combating Sleeper Threats With MTTD appeared first on Security Intelligence.

Advice for aspiring threat hunters, investigators, and researchers from the old town folk

There’s a big cohort of security geeks who joined the industry around the turn of the millennium by either landing “infosec” jobs or, quite frequently, just by making infosec their job despite having some other formal job title. I count myself in this …

Using the Threat Modeling Manifesto to Get Your Team Going

Secure software development requires a ‘shift left’ — paying attention to security and privacy early in the life cycle. Threat modeling is a very useful activity for achieving this goal, but for a variety of reasons, organizations struggle to introduce it. Last year, a group of industry and academy experts got together with the goal […]

The post Using the Threat Modeling Manifesto to Get Your Team Going appeared first on Security Intelligence.

Review: Group-IB Threat Hunting Framework

The IT infrastructure of larger organizations is very heterogeneous. They have endpoints, servers and mobile devices running various operating systems and accessing internal systems. On those systems, there is a great number of disparate tools – from o…

TrustedSec Incident Response Team Slack AMA 02.17.2021

On February 17, 2021 TrustedSec hosted an ‘Ask Me Anything’ on our Slack Workplace with TrustedSec’s Incident Response Team. Many great questions were asked and lots of information exchanged that we didn’t want to get lost with time, so we’ve put together this blog with questions and the conversation that blossomed from them. Please note:…

The post TrustedSec Incident Response Team Slack AMA 02.17.2021 appeared first on TrustedSec.

Who Left the Backdoor Open? Using Startupinfo for the Win

In the endless quest to research additional Windows system forensic artifacts to use during an Incident Response investigation, I stumbled across something I thought was cool. This definitely wasn’t a new artifact, it was just a specific native Windows XML file that I wasn’t aware of. I noticed this file was not commonly used from…

The post Who Left the Backdoor Open? Using Startupinfo for the Win appeared first on TrustedSec.