Threat Hunting

Blinded by Silence
Blinded by Silence: How Attackers Disable EDR. Overview: Endpoint Detection and Response systems (EDRs) are an essential part of modern cybersecurity strategies. EDR solutions gather and analyze data from endpoints to identify suspicious activities and ...

Linux Persistence Mechanisms and How to Find Them
Linux persistence mechanisms are used by an attacker to maintain access to a compromised system, even after reboots or system updates. These allow attackers to regain control of a system without re-exploiting ...

Unlocking the Power of AI in Threat Hunting
TechSpective Podcast Episode 139 In the latest TechSpective Podcast, I had the pleasure of speaking with Wilson Tang, a Machine Learning Engineer on Adobe’s threat hunting team. Our conversation delved into ...

Hunting Specula C2 Framework and XLL Execution
Specula is a framework that allows for interactive operations of an implant that runs purely in the context of Outlook. It works by setting a custom Outlook homepage via registry keys that ...

Detection Rules & MITRE ATT&CK Techniques
We Can Do Better. As a Detection Engineer and Threat Hunter, I love MITRE ATT&CK and I whole-heartedly believe that you should too. However, there’s something about the way that some folks leverage MITRE ...

Linux Detection Opportunities for CVE-2024-29510
Overview: A remote code execution (RCE) vulnerability in the Ghostscript document conversion toolkit, identified as CVE-2024-29510, is currently being exploited in the wild. Ghostscript, which comes pre-installed on many Linux distributions, is used ...

Threat Hunting in Smart SOAR
In modern cybersecurity operations, threat hunting has become an essential proactive defense strategy. Leveraging Security Orchestration, Automation, and Response (SOAR) playbooks enhances this activity, making it more efficient and effective. This blog ...

Demystifying Okta Attacks with Dorothy and Splunk
https://github.com/elastic/dorothy. Overview: Okta is a leading identity and access management (IAM) platform designed to help organizations securely manage and streamline user authentication and authorization. It provides a comprehensive suite of services, including single sign-on ...

Detecting CVE-2024-32002
Detecting CVE-2024-32002 Git RCE. Introduction: Cloning a git repository without thoroughly reviewing the code is a common practice, but it can lead to severe consequences if you’re running a version of Git (Prior ...