Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Windows

graylog

Graylog Illuminate: Getting Started with Sysmon

Jul 19, 2021 By Jeff Darrington In Graylog

The Windows System Monitor (Sysmon) is one of the chattiest tools. With all the information coming in, it can be difficult and expensive to use it efficiently. However, the Graylog Illuminate package gives you a way to fine-tune it so that you can get better data and manage your ingestion rate better. Sysmon gives you awareness of what’s going on in your endpoints.

Read Post
elastic

ProblemChild: Generate alerts to detect living-off-the-land attacks

Jun 8, 2021 By Apoorva Joshi In Elastic

In an earlier blog post, we spoke about building your own ProblemChild framework from scratch in the Elastic Stack to detect living off the land (LOtL) activity. As promised, we have now also released a fully trained detection model, anomaly detection configurations, and detection rules that you can use to get ProblemChild up and running in your environment in a matter of minutes.

Read Post
elastic

How attackers abuse Access Token Manipulation (ATT&CK T1134)

Apr 20, 2021 By Will Burgess In Elastic

In our previous blog post on Windows access tokens for security practitioners, we covered: Having covered some of the key concepts in Windows security, we will now build on this knowledge and start to look at how attackers can abuse legitimate Windows functionality to move laterally and compromise Active Directory domains. This blog has deliberately attempted to abstract away the workings of specific Windows network authentication protocols (e.g., NTLM and Kerberos) where possible.

Read Post

Enhancing Event Log Analysis with EvtxEcmd using KAPE

Apr 9, 2021 By Kroll In Kroll
How much time are you spending manually parsing and sorting event logs? With EvtxECmd, digital forensics professionals can optimize Windows event log analysis through its unique mapping feature. Created by Eric Zimmerman, EvtxECmd can be called via the EZParser module in KAPE (another tool created by Eric Zimmerman) to process thousands of events in seconds and create structured CSV files that are much easier to read and manipulate.
View Video
manageengine

Dangerous defaults that put your IT environment at risk: IT security under attack

Feb 18, 2021 By Log360 In ManageEngine

In this blog in the “IT security under attack” series, we wanted to shed some light on an unfamiliar and seldom discussed topic in IT security: the default, out-of-the-box configurations in IT environments that may be putting your network and users at risk. Default settings, and why the initial configuration is not the most secure

Read Post
manageengine

IT security under attack: Credential dumping attacks in Windows environments

Jan 21, 2021 By Log360 In ManageEngine

Most of the time, threat actors in the cybersecurity landscape don’t employ advanced techniques and tools to intrude and establish a foothold within networks. Often, they disguise malicious operations by mimicking the activities of legitimate users, leaving behind little to no footprint. Blending malicious actions with day-to-day IT activities helps attackers maintain a low profile and remain undetected for a longer period.

Read Post
threatspike

Exploring NTFS Alternate Data Streams from a security standpoint

Jan 13, 2021 By Konstantinos Koukas In ThreatSpike

In this blog we will explore several ways that Alternate Data Streams (ADS) are abused by attackers to hide files and evade detection, defences based on them (and ways to bypass those defences!) but also how they can be used to help malware evade dynamic analysis.

Read Post
Subscribe to Windows

Copyright © 2024 OpsMatters™. All rights reserved.