If you have been reading our hunting series, you may have noticed that many threat hunting techniques center on network-centric data sources. Thus far, we have yet to speak about the big kahuna in our hunting tool chest. We are rectifying that right here, right now: we are going to talk about Microsoft Sysmon! In this article, we’re looking at using Sysmon to hunt for threats in endpoints.We’ll highlight some of the most valuable places to start hunting in your Windows logs.

Since the Domain Name System (DNS) protocol is foundational for internet functionality, DNS traffic is allowed to move through firewalls without much scrutiny unlike HTTPS, FTP and SMTP. Malicious actors have successfully been able to exploit this advantage to transfer data between networks, which is beyond the original intention of DNS protocol.

In today's cybersecurity landscape, traditional security tools alone are inadequate in protecting organizations from advanced threats like data breaches, insider risks, and more. To effectively address these challenges, organizations require a comprehensive solution with UEBA (user and entity behavior analytics) capabilities. Let's discover the benefits of UEBA, and the unparalleled impact Logsign’s Unified Security Operations Platform has on UEBA.

Active Directory (AD) is a critical component of many organizations’ IT infrastructure. It provides a centralized repository for user and computer accounts, as well as a variety of other services. As a result, AD is a common target for attackers and there has been no shortage of AD attacks in the headlines. In this blog post, we will dive into the depths of LLMNR and NBT-NS poisoning, understanding their mechanisms, implications, and ways to mitigate the risks they pose.

Since its launch in 2010, Microsoft Azure has been deployed to millions of organizations worldwide. Azure offers a vast array of services, including virtual machines, databases, AI and machine learning tools, analytics, networking, and storage options. Due to the global popularity of these cloud services, Keeper Security has prioritized seamless integration with Microsoft Azure.

As software systems become more intricate and the use of third-party components increases, the security risks within the software supply chain also escalate. To combat these risks, organizations are turning to the Software Bill of Materials (SBOM) as a valuable tool. This blog will guide you through the concept of SBOM and its impact on software supply chain security.

A relatively new way of strengthening your software supply chain security is to apply Supply Chain Levels for Software Artifacts (SLSA) in tandem with other tools such as software bills of materials (SBOMs), software composition analysis (SCA) for open source, and static application security testing (SAST) for proprietary code. Let’s take a look at what SLSA is and how its different levels work.