Process Hacker is a free and powerful tool for identifying the behaviors associated with an application. In this edition of #TechTalkTuesday, we explore the features of Process Hacker and discuss how you can use it during your threat hunting and incident response efforts within your cybersecurity program.
Tech Talk Tuesday
User agents are a core part of the HTTP specification and can be used to baseline user activity and behavior during cyber threat hunting or incident response. In this edition of #TechTalkTuesday, we provide an overview of user agents, how to detect three known enumeration tools, and how to detect unknown malicious behavior using user agent analysis.
In this edition of #TechTalkTuesday we explore Windows' advanced audit logging for network connections and talk about how you can leverage Windows' built-in features to discover attackers. We explore success and error event IDs to examine connections, packets, and ports associated with applications and lower-level protocols.
The Windows event logs are a powerful funnel point for identifying hackers that leverage Windows accounts for access, lateral movement, and other attack stages. In this edition of #TechTalkTuesday, we explore logs within the advanced audit policy settings that you can add to your threat hunting and incident response program to uncover attacker use of both domain-joined and local Windows accounts.
Vulnerabilities are unavoidable. And while patches serve as permanent fixes for vulnerabilities, it's not always possible to patch systems due to operational constraints. In this edition of #TechTalkTuesday, we explore what you can do to protect yourself when you can't immediately patch, using three industrial security CVEs disclosed last week as examples.
Registry run key persistence is a popular technique used by APT37, Dragonfly, APT41 and many other attackers. In this edition of #TechTalkTuesday, we talk through the basics of run key persistence, how groups have used it, and how to look for run key persistence through your threat hunting, cybersecurity, and cyber threat intelligence efforts.