As more people work from home, VPNs are in peak season. Recently I discussed with a network engineer the advantages and disadvantages of IPsec VPNs versus TLS-based VPNs. With this discussion in mind

A few days ago, the new version 11.10 of Sysinternals Sysmon was released. Despite the minor version increase from 11.0 it ships with an exciting new feature: Reading NTFS Alternate Data Streams

Only recently I stumbled upon a slightly dated but still relevant post published on the Japanese CERT blog: Windows Commands Abused by Attackers. The list is separated into the different attack

DNS – the Domain Name System – is a main cornerstone of the internet. Whenever you are browsing to a website, chances are high that your request will first go to one of the 1091 (as of

A common task when working with a SIEM is to onboard new technologies: In order to discover and alert on hackers attacking your new cloud instance|shopping website|password vault you need to see the

While the white-collar world was hastily relocating into the home office, IT departments were busy getting their hands on all remaining laptops, setting up VPN client software, and hoping that

In the past I wrote a blog post about Process Explorer to find hidden threats on potentially compromised systems. As I said back then, Process Explorer is part of a suite called Sysinternals, which