Fabian – Blog

Posted in HowTo

Life-saving Excel shortcuts

Recently on Twitter someone asked security professionals which tools they use most for their day-to-day tasks. Someone said “Excel” and I found this very accurate. Excel is so versatile

Posted in HowTo, Infosec

Analyze Emotet and Trickbot with NetworkMiner and Suricata

As I explained in the previous post, NetworkMiner and Suricata are a great combination for performing quick and straightforward network forensics on captured traffic. Overview NetworkMiner provides a

Posted in HowTo, Infosec

Quick and easy setup for NetworkMiner and Suricata to perform network forensics

Many people know Suricata as network intrusion detection (IDS) system, i.e. acting on live traffic; many people know NetworkMiner as network forensics tool, i.e. acting on recorded traffic (e.g. in

Posted in Infosec

Sysmon v11.10 reads Alternate Data Streams

A few days ago, the new version 11.10 of Sysinternals Sysmon was released. Despite the minor version increase from 11.0 it ships with an exciting new feature: Reading NTFS Alternate Data Streams

Posted in Infosec

Collection of Windows commands abused by attackers

Only recently I stumbled upon a slightly dated but still relevant post published on the Japanese CERT blog: Windows Commands Abused by Attackers. The list is separated into the different attack

Posted in HowTo, Infosec, Python

Script to enumerate Windows events with name, ID, security monitoring recommendation, URL

When setting up and tuning a SIEM solution, you will write a lot of rules to detect well-known and arising security threats. If you need to protect systems running on Windows, you can use

Posted in Infosec

As DoH gains traction, some thoughts on DNS security and privacy

DNS – the Domain Name System – is a main cornerstone of the internet. Whenever you are browsing to a website, chances are high that your request will first go to one of the 1091 (as of

Posted in Python

Working on large data sets in Python

When working in IT security event monitoring, you will accumulate tons of log data which you will want to perform operations on. If you know Python, you will most likely know Pandas. When I describe

Posted in Infosec

Why you do not want to have “all” data in your SIEM

A common task when working with a SIEM is to onboard new technologies: In order to discover and alert on hackers attacking your new cloud instance|shopping website|password vault you need to see the

Posted in Infosec

Corona-induced home office: Bad for security, great for finding out who has an affair with whom

While the white-collar world was hastily relocating into the home office, IT departments were busy getting their hands on all remaining laptops, setting up VPN client software, and hoping that