Table of Contents

  • Introduction
  • Detecting the Command and Control Traffic (C2)
  • Endpoint Detection and Prevention
  • Securing PowerShell
  • Threat Hunting
  • Bonus
  • Conclusion


Some of you might have read the tutorials from my dear colleague Crypt0jan on how to bypass Windows Defender. That’s all fine and dandy, but we’re a Purple Team, and my job as a Blue Teamer and hunter is making sure guys like him don’t succeed in their endeavours. In this blog I will analyse what he did in Red Team Tutorial #3 and #4 and how you can prevent and detect these attacks. For most detections and preventions to work I…

People often ask me how I analyse a Security Alert or incident. There really is no set way, and much has to do with experience, the tools at hand and the maturity of your SOC. However, there are some steps that in my opinion always work. This is by no means a definitive way of analysing an alert; however, this works for me. Escalation and communication are out of scope, but maybe something for another time. Because examples work best, I will explain the process using a real alert from our Security Onion (SO) instance.

We’ll start by checking the…

An Introduction To Security Monitoring With Open Source Software

Why another post about security monitoring?

I have worked in (and built) Security Operations Centers (SOCs) for many years and observed many organizations during Chapter8’s Purple Team missions, and in my experience many companies still view security monitoring as something magical and believe you need a SOC to perform this task. This may seem daunting, especially for smaller organizations. But in today’s climate, you can’t get away with doing nothing anymore. You should do some form of security monitoring and log analysis, if only to provide data after a breach.

That being said, utilising Open Source Software smartly can lead to…
