In my last blog, I wrote how to detect fileless malware, but out-of-scope was how to hunt if you have an indication that someone is poking around in your network. …
Table of Contents
- Introduction
- Detecting the Command and Control Traffic (C2)
- Endpoint Detection and Prevention
- Securing Powershell
- Threat Hunting
- Bonus
- Conclusion
Introduction
Some of you might have read the tutorials from my dear colleague Crypt0jan on how to bypass Windows Defender. That’s all fine and dandy but we’re a Purple Team and my job…
People often ask me how I analyse a Securiy Alert or incident. There really is no set way and much has to do with experience, the tools at hand and the maturity of your SOC. However there are some steps that in my opinion always work. This is by no…
An Introduction To Security Monitoring With Open Source Software
Why another post about security monitoring?
Having worked (and build) in Security Operations Centers (SOC) for many years and having observed many organizations during Chapter8’s Purple Team missions, in my experience many companies still view security monitoring as something magical and believe you need a SOC to perform this task…
