Which layer for encryption? Which for VPNs?: As more people work from home, VPNs are in peak season. Recently I discussed with a network engineer the advantages …
Analyze Emotet and Trickbot with NetworkMiner and Suricata: As I explained in the previous post, NetworkMiner and Suricata are a great combination for performing quick and straightforward network …
Quick and easy setup for NetworkMiner and Suricata to perform network forensics: Many people know Suricata as a network intrusion detection system (IDS), i.e. acting on live traffic; many people know NetworkMiner as …
Sysmon v11.10 reads Alternate Data Streams: A few days ago, the new version 11.10 of Sysinternals Sysmon was released. Despite the minor version increase from 11.0 …
Collection of Windows commands abused by attackers: Only recently I stumbled upon a slightly dated but still relevant post published on the Japanese CERT blog: Windows Commands …
Script to enumerate Windows events with name, ID, security monitoring recommendation, URL: When setting up and tuning a SIEM solution, you will write a lot of rules to detect well-known and emerging …
As DoH gains traction, some thoughts on DNS security and privacy: DNS, the Domain Name System, is a main cornerstone of the internet. Whenever you are browsing to a …
Why you do not want to have “all” data in your SIEM: A common task when working with a SIEM is to onboard new technologies: in order to discover and alert on …
Corona-induced home office: Bad for security, great for finding out who has an affair with whom: While the white-collar world was hastily relocating into the home office, IT departments were busy getting their hands on all …
Sysmon 11.0 released: Spot hidden tracks even better: In the past I wrote a blog post about using Process Explorer to find hidden threats on potentially compromised systems. As …