Lateral Movement is a key technique for attackers: Once they entered your infrastructure, the next step is to look around … More Hello, somebody there? Or: The difficulty of detecting lateral movement
As more people work from home, VPNs are in peak season. Recently I discussed with a network engineer the advantages … More Which layer for encryption? Which for VPNs?
As I explained in the previous post, NetworkMiner and Suricata are a great combination for performing quick and straightforward network … More Analyze Emotet and Trickbot with NetworkMiner and Suricata
Many people know Suricata as network intrusion detection (IDS) system, i.e. acting on live traffic; many people know NetworkMiner as … More Quick and easy setup for NetworkMiner and Suricata to perform network forensics
A few days ago, the new version 11.10 of Sysinternals Sysmon was released. Despite the minor version increase from 11.0 … More Sysmon v11.10 reads Alternate Data Streams
Only recently I stumbled upon a slightly dated but still relevant post published on the Japanese CERT blog: Windows Commands … More Collection of Windows commands abused by attackers
When setting up and tuning a SIEM solution, you will write a lot of rules to detect well-known and arising … More Script to enumerate Windows events with name, ID, security monitoring recommendation, URL
DNS – the Domain Name System – is a main cornerstone of the internet. Whenever you are browsing to a … More As DoH gains traction, some thoughts on DNS security and privacy
A common task when working with a SIEM is to onboard new technologies: In order to discover and alert on … More Why you do not want to have “all” data in your SIEM
While the white-collar world was hastily relocating into the home office, IT departments were busy getting their hands on all … More Corona-induced home office: Bad for security, great for finding out who has an affair with whom