Channel: Blue Team – NVISO Labs
Browsing all 10 articles
Lower email spoofing incidents (and make your marketing team happy) with BIMI

Introduction Over the last couple of years, we saw the amount of phishing attacks skyrocket. According to F5, a multi-cloud security and application provider, there was a 220% increase in incidents...


DeTT&CT: Automate your detection coverage with dettectinator

Introduction Last year, I published an article on mapping detection to the MITRE ATT&CK framework using DeTT&CT. In the article, we introduced DeTT&CT and explored its features and usage....


OneNote Embedded file abuse

In recent weeks, OneNote has gotten a lot of media attention as threat actors are abusing the embedded files feature in OneNote in their phishing campaigns. In this post we will analyze this new way of...


Cortex XSOAR Tips & Tricks – Leveraging dynamic sections – number widgets

Introduction Cortex XSOAR is a security-oriented automation platform, and one of the areas where it stands out is customization. A recurring problem in a SOC is data visualization; analysts can be...


OneNote Embedded URL Abuse

Whilst Microsoft is fixing the embedded files feature in OneNote, I decided to abuse a whole other feature: embedded URLs. Turns out this is something they may also have to fix.


The SOC Toolbox: Analyzing AutoHotKey compiled executables

A quick post on how to extract AutoHotKey scripts from an AutoHotKey script compiled executable.


XOR Known-Plaintext Attacks

In this blog post, we show in detail how a known-plaintext attack on XOR encoding works, and automate it with custom tools to decrypt and extract the configuration of a Cobalt Strike beacon. If you are...


Data Connector Health Monitoring on Microsoft Sentinel

Introduction Security information and event management (SIEM) tooling allows security teams to collect and analyse logs from a wide variety of sources. In turn this is used to detect and handle...


RPC or Not, Here We Log: Preventing Exploitation and Abuse with RPC Firewall

Welcome, readers, to the first installment of our blog series "Preventing Exploitation and Abuse with the RPC Firewall". In this post, we'll delve into how to create rules for the RPC firewall and how...


Scaling your threat hunting operations with CrowdStrike and PSFalcon

Introduction Most modern-day EDRs have some sort of feature which allows blue teamers to remotely connect to hosts with an EDR agent/sensor installed, to aid in their investigation of incidents. In...
