DEF CON 28 Safe Mode Blue Team Village – Connor Morley’s ‘OuterHaven: The UEFI Memory Space Waiting To Be Misused’

Many thanks to DEF CON and Conference Speakers for publishing their comprehensive and outstanding presentations; of which, originally appeared at the organization’s DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy!

Incident Response: 5 Steps to Prevent False Positives

False positive alerts in your threat intel platform can leave your team scrambling. It’s like driving to the wrong address. You reach a place, but also waste time you could have used at your intended destination. For security teams, knowing how to screen for false positives saves time and makes the team more efficient at […]

The post Incident Response: 5 Steps to Prevent False Positives appeared first on Security Intelligence.

SMS Phish – An Incident Walkthrough

Opener The goal of this blog post is to provide an approach to analyzing a text-based phish link. I will primarily focus on the initial steps to properly view the phish site from a non-mobile browser, provide OPSEC setup and browsing analysis recommendations, and conclude with defense measures to protect against such attacks. Analysis Background…

The post SMS Phish – An Incident Walkthrough appeared first on TrustedSec.

SOC 2.0: A Guide to Building a Strong Security Ops Team

In a security operations center (SOC), your cybersecurity tools are only as good as the people using them and your SOC’s culture. What are the critical SOC roles? What qualities should you look for when hiring for them? And, what should you expect from a cybersecurity career? Drawing from my experience working in IBM Security’s […]

The post SOC 2.0: A Guide to Building a Strong Security Ops Team appeared first on Security Intelligence.

Learn how malware operates so you can defend yourself against it

TL;DR: VirusTotal is hosting an APJ webinar on August 27th showcasing our advanced threat enrichment and threat hunting capabilities; register for the webinar, it is free. Following the EMEA webinar that we recently conducted (watch on demand if you mis…

Become The Malware Analyst Series: PowerShell Obfuscation Shellcode

In this second installment of the ‘Become a Malware Analyst Series’, Principal Incident Response & Research Consultant Scott Nusbaum focuses on PowerShell obfuscation by analyzing a PowerShell sample that was identified during an…

Threat Hunting Techniques: A Quick Guide

Threat hunting is an essential part of security operations center services and should be incorporated at an early stage. Threat hunting is the art of finding the unknowns in the environment, going beyond traditional detection technologies, such as security information and event management (SIEM), endpoint detection and response (EDR) and others. There are multiple methods […]

The post Threat Hunting Techniques: A Quick Guide appeared first on Security Intelligence.

Qualys Extends Cloud Reach Into EDR Realm

Qualys today launched an Endpoint Detection and Response (EDR) cloud service, while at the same time revealing it has acquired the software assets of Spell Security to improve the quality of the metrics it provides threat hunting teams. Company CEO Ph…

Aviation Can Anticipate an Increase in State-Sponsored Activity

The combination of lockdown measures, travel restrictions and stalling demand brought on by COVID-19 has caused an unprecedented collapse in the global air transport industry. Facing a projected loss of $84.3 billion in revenue and 32 million aviation-related jobs worldwide, nations are scrambling to provide much-needed financial support to sustain domestic airlines. As countries independently […]

The post Aviation Can Anticipate an Increase in State-Sponsored Activity appeared first on Security Intelligence.

Become The Malware Analyst Series: Malicious Code Extraction and Deobfuscation

In this video, Senior Incident Response & Research Consultant Scott Nusbaum demonstrates a method to extract and deobfuscate code from a malicious document. Upon rendering the code readable, Nusbaum works to gain an understanding of the goals the malware was attempting to accomplish and the processes by which it undertook that effort. This video is…

The post Become The Malware Analyst Series: Malicious Code Extraction and Deobfuscation appeared first on TrustedSec.