Table of Contents Introduction Detecting the Command and Control Traffic (C2) Endpoint Detection and Prevention Securing Powershell Threat Hunting Bonus Conclusion Introduction Some of you might have read the tutorials from my dear colleague Crypt0jan on how to bypass Windows Defender. That’s all fine and dandy but we’re a Purple Team and my job…

People often ask me how I analyse a Securiy Alert or incident. There really is no set way and much has to do with experience, the tools at hand and the maturity of your SOC. However there are some steps that in my opinion always work. This is by no…

An Introduction To Security Monitoring With Open Source Software Why another post about security monitoring? Having worked (and build) in Security Operations Centers (SOC) for many years and having observed many organizations during Chapter8’s Purple Team missions, in my experience many companies still view security monitoring as something magical and believe you need a SOC to perform this task…