The Windows event logs are a powerful funnel point for identifying hackers that leverage Windows accounts for access, lateral movement, and in other attack stages. In this edition of #TeckTalkTuesday, we explore logs within the advanced audit policy settings you can add to your threat hunting and incident response program to uncover attacker use of both domain-joined and local Windows accounts.
Vulnerabilities are unavoidable. And while patches serve as permanent fixes for vulnerabilities, it’s not always possible to patch systems due to operational constraints. In this edition of #TeckTalkTuesday, we explore what you can do to protect yourself when you can’t immediately patch using three industrial security CVEs disclosed last week.
This week’s #TechTalkTuesday continues the WiFi penetration testing thread from last week and explores how to build a Kali OS Raspberry Pi setup for under $100. We talk through the install process and also explore comparable prebuilt options.
Wireless networks are a key part of many corporate and home networks. In this edition of #TechTalkTuesday, we explore what wireless network attacks look like, and then cover four you can detect wireless attacks in your threat hunting and other cybersecurity efforts.
NIST’s Incident Handling Model and SANS’ PICERL Incident Response Model outline best practices when responding to active cybersecurity threats. In this edition of #TechTalkTuesday, we discuss each model and important considerations for incident responders at each phase.
Registry run key persistence is a popular technique used by APT37, Dragonfly, APT41 and many other attackers. In this edition of #TechTalkTuesday, we talk through the basics of run key persistence, how groups have used it, and how to look for run key persistence through your threat hunting, cybersecurity, and cyber threat intelligence efforts.
Windows’ PowerShell event logs provide insight into script execution throughout the life of a malicious script. In this edition of #techtalktuesday we explore the lifecycle of PowerShell events and how you can enhance your threat hunting and cybersecurity program with the PowerShell event logs.
Last week we explored the basics of Yara and how to write string rules. This week’s #techtalktuesday explores how to write binary pattern rules in Yara to enhance your threat hunting, digital forensics, incident response, and cybersecurity program. We walk through a few examples of binary rules and explore how to leverage Yara to discover malware and hacking activity.
Yara adds the ability for cybersecurity analysts to quickly and accurately find malware samples during threat hunting and digital forensics/incident response situations. In this edition of #TechTalkTuesday, we cover how to get started using Yara and how to write simple Yara rules.
DLL load order hijacking allows hackers to hijack applications and compromise critical systems. This week’s #TechTalkTuesday covers what DLL search order hijacking is, how nation-state hackers used the technique in the past to compromise systems, and how to find DLL hijacking in your threat hunting, incident response, and other cybersecurity operations.
