Collaborate Disseminate
Sysmon fails to use EventFiltering properties written in config file. I am trying to use,for example, this kind of config to detect network activity from powershell process:
<Sysmon schemaversion=”4.21″>
<HashA… Continue reading Sysmon fails to use config file in Windows 7
I’m trying to find a good site or DB where you can find threat groups based on industry.
Ex: Search for retail and it pulls up ATP1, ATP87, ATP43, etc.
I’ve found SOME sites like mitre attack, fire eye, but none of them all… Continue reading Find ATP Groups based on industry
I can expect running port scanners, brute-force bots, MiTM attacks, and script kiddies trying attacking my computer.
Can I safely use OpenBSD in the hostile network without any additional hardening?
Is relying on minimal in… Continue reading Can I run OpenBSD safely in a hostile network? [on hold]
In the world of security operations, quickly and accurately investigating security incidents is paramount. As a result, filtering out the non-consequential incidents from the consequential incidents helps reduce the investigative time for the secu… Continue reading Reducing Investigation Time: How to Quickly Parse True Positives
I would like to hear about some of the tools that people use for hunting malware on a machine. This is not really for analyzing malware but more for detection of malware to see if a machine is infected and if so how to clean … Continue reading What Tools Do People Use For Hunting Malware?
Its well known that popular Linux distros use the PAM default to slightly delay incorrect login attempts, thus mitigating brute-force attacks against a user account (for example, running su repeatedly with different password … Continue reading Preventing Linux brute force concurrent su/sudo attempts
I was looking for conditions/circumstances under which Dllhost.exe can spawn a child process. I examined a huge quantity of event logs from various Windows system and didn’t come across any event in which Dllhost.exe spawns a child process… Continue reading Under which conditions can dllhost.exe spawn child process? | MITRE ATT&CK T1191
we see over 10 million threat and spam emails on a daily basis and provide this data to a handful of vendors. Can anyone suggest who else we should be speaking with re our feed and how they can make use of this data?
There are many benefits to using machine learning as part of your cybersecurity strategy Cyberthreats posed by malicious actors have never been more prevalent nor potentially harmful as they are now. Each attack has the potential to cripple an organiz… Continue reading Using Machine Learning to Address Evolving Threats
Several new hardware side-channels were discovered called MDS attacks, which allow reading arbitrary memory, like Meltdown. Many existing mitigations are useless against them. The relevant CVEs are:
CVE-2018-12126 – Microarchitectural Sto… Continue reading What are the new MDS attacks, and how can they be mitigated?