Lower email spoofing incidents (and make your marketing team happy) with BIMI
Introduction Over the last couple of years, we have seen the number of phishing attacks skyrocket. According to F5, a multi-cloud security and application provider, there was a 220% increase in incidents...
View Article
DeTT&CT: Automate your detection coverage with dettectinator
Introduction Last year, I published an article on mapping detection to the MITRE ATT&CK framework using DeTT&CT. In the article, we introduced DeTT&CT and explored its features and usage....
View Article
OneNote Embedded file abuse
In recent weeks, OneNote has gotten a lot of media attention as threat actors are abusing the embedded files feature in OneNote in their phishing campaigns. In this post we will analyze this new way of...
View Article
Cortex XSOAR Tips & Tricks – Leveraging dynamic sections – number widgets
Introduction Cortex XSOAR is a security-oriented automation platform, and one of the areas where it stands out is customization. A recurring problem in a SOC is data visualization: analysts can be...
View Article
OneNote Embedded URL Abuse
Whilst Microsoft is fixing the embedded files feature in OneNote, I decided to abuse a whole other feature: embedded URLs. Turns out this is something they may also have to fix.
View Article
The SOC Toolbox: Analyzing AutoHotKey compiled executables
A quick post on how to extract AutoHotKey scripts from an executable compiled from an AutoHotKey script.
View Article
XOR Known-Plaintext Attacks
In this blog post, we show in detail how a known-plaintext attack on XOR encoding works, and automate it with custom tools to decrypt and extract the configuration of a Cobalt Strike beacon. If you are...
View Article
Data Connector Health Monitoring on Microsoft Sentinel
Introduction Security information and event management (SIEM) tooling allows security teams to collect and analyse logs from a wide variety of sources. In turn, this is used to detect and handle...
View Article
RPC or Not, Here We Log: Preventing Exploitation and Abuse with RPC Firewall
Welcome, readers, to the first installment of our blog series "Preventing Exploitation and Abuse with the RPC Firewall". In this post, we'll delve into how to create rules for the RPC firewall and how...
View Article
Scaling your threat hunting operations with CrowdStrike and PSFalcon
Introduction Most modern-day EDRs have some sort of feature which allows blue teamers to remotely connect to hosts with an EDR agent/sensor installed, to aid in their investigation of incidents. In...
View Article