Fabian – Page 2

Who the hæck?Attribution in cybersecurity

By Fabian

While we are getting used to hearing news on a daily basis about hacking attacks, much less do we read … More Who the hæck?Attribution in cybersecurity →

HowTo, Infosec

SRPs block malware, but what if things stop working?

By Fabian

As I wrote in my last post on lateral movement, using AppLocker or Software Restriction Policies (SRPs) to avoid the … More SRPs block malware, but what if things stop working? →

Infosec

Hello, somebody there? Or: The difficulty of detecting lateral movement

By Fabian

Lateral Movement is a key technique for attackers: Once they entered your infrastructure, the next step is to look around … More Hello, somebody there? Or: The difficulty of detecting lateral movement →

Infosec

Which layer for encryption? Which for VPNs?

By Fabian

As more people work from home, VPNs are in peak season. Recently I discussed with a network engineer the advantages … More Which layer for encryption? Which for VPNs? →

HowTo

Life-saving Excel shortcuts

By Fabian

Recently on Twitter someone asked security professionals which tools they use most for their day-to-day tasks. Someone said “Excel” and … More Life-saving Excel shortcuts →

HowTo, Infosec

Analyze Emotet and Trickbot with NetworkMiner and Suricata

By Fabian

As I explained in the previous post, NetworkMiner and Suricata are a great combination for performing quick and straightforward network … More Analyze Emotet and Trickbot with NetworkMiner and Suricata →

HowTo, Infosec

Quick and easy setup for NetworkMiner and Suricata to perform network forensics

By Fabian

Many people know Suricata as network intrusion detection (IDS) system, i.e. acting on live traffic; many people know NetworkMiner as … More Quick and easy setup for NetworkMiner and Suricata to perform network forensics →

Infosec

Sysmon v11.10 reads Alternate Data Streams

By Fabian

A few days ago, the new version 11.10 of Sysinternals Sysmon was released. Despite the minor version increase from 11.0 … More Sysmon v11.10 reads Alternate Data Streams →

Infosec

Collection of Windows commands abused by attackers

By Fabian

Only recently I stumbled upon a slightly dated but still relevant post published on the Japanese CERT blog: Windows Commands … More Collection of Windows commands abused by attackers →

HowTo, Infosec, Python

Script to enumerate Windows events with name, ID, security monitoring recommendation, URL

By Fabian

When setting up and tuning a SIEM solution, you will write a lot of rules to detect well-known and arising … More Script to enumerate Windows events with name, ID, security monitoring recommendation, URL →

Blog

take infosec, mix with culture, sprinkle some spice, enjoy.

Author: Fabian

Who the hæck?Attribution in cybersecurity

SRPs block malware, but what if things stop working?

Hello, somebody there? Or: The difficulty of detecting lateral movement

Which layer for encryption? Which for VPNs?

Life-saving Excel shortcuts

Analyze Emotet and Trickbot with NetworkMiner and Suricata

Quick and easy setup for NetworkMiner and Suricata to perform network forensics

Sysmon v11.10 reads Alternate Data Streams

Collection of Windows commands abused by attackers

Script to enumerate Windows events with name, ID, security monitoring recommendation, URL