The Windows event logs are a powerful funnel point for identifying hackers that leverage Windows accounts for access, lateral movement, and other attack stages. In this edition of #TechTalkTuesday, we explore logs within the advanced audit policy settings you can add to your threat hunting and incident response program to uncover attacker use of both domain-joined and local Windows accounts.
Tech Talk Tuesday
Vulnerabilities are unavoidable. And while patches serve as permanent fixes for vulnerabilities, it’s not always possible to patch systems due to operational constraints. In this edition of #TechTalkTuesday, we explore what you can do to protect yourself when you can’t immediately patch, using three industrial security CVEs disclosed last week as examples.
Registry run key persistence is a popular technique used by APT37, Dragonfly, APT41 and many other attackers. In this edition of #TechTalkTuesday, we talk through the basics of run key persistence, how groups have used it, and how to look for run key persistence through your threat hunting, cybersecurity, and cyber threat intelligence efforts.
Last week we explored the basics of Yara and how to write string rules. This week’s #techtalktuesday explores how to write binary pattern rules in Yara to enhance your threat hunting, digital forensics, incident response, and cybersecurity program. We walk through a few examples of binary rules and explore how to leverage Yara to discover malware and hacking activity.
DLL load order hijacking allows hackers to hijack applications and compromise critical systems. This week’s #TechTalkTuesday covers what DLL search order hijacking is, how nation-state hackers used the technique in the past to compromise systems, and how to find DLL hijacking in your threat hunting, incident response, and other cybersecurity operations.