Redline is a free tool for investigating malicious activity through memory and file analysis. It has many features, but in this post we will only cover searching an endpoint for IoCs with Redline. In the previous post, we created an IoC to detect WinSCP.exe. Now, we

As we discussed before, Redline is a great tool for investigating endpoints. In this post, we will explain how to collect memory data with Redline. First, on the main page of Redline, click the “Create a Standard Collector” button. In the window that opens, click “Edit your script”

In the “Open Threat Exchange” post we mentioned the IoCs shared by other parties on Open Threat Exchange. Open IoCs are useful because they are vendor independent and can be used across many different technologies to detect threats. Viewing Existing IoCs In this post, we will cover Mandiant

Open Threat Exchange (OTX) is a threat intelligence platform from AlienVault. Use of the platform is not limited to retrieving intelligence information. When you register and log in to OTX, you can easily see a summary of current threats in the “Subscribed Pulses” section. Let’s choose a threat called “Wiper

Effective threat hunting is critical, but it is hard to think like an attacker and to search for the unknown in an enterprise network. This post may help organizations carry out effective and successful threat hunting. Knowledge of Topology and Environment The purpose of threat hunting is to find the

Sophos announced that its analysts uncovered a new ransomware, called Epsilon Red, developed in the Go programming language. The ransomware is deployed through PowerShell scripts. The malicious file is a 64-bit executable written in Go. It is said to spread through systems by exploiting security

VMware Carbon Black has published an update to resolve a critical authentication bypass vulnerability in the Carbon Black App Control product. App Control is a solution for locking down critical systems and servers to prevent unwanted changes and ensure continuous compliance with regulatory mandates. This authentication bypass vulnerability is tracked as CVE-2021-21998.

Kali Linux 2021.2 has been released with new tools called Kaboxer and Kali-Tweaks and some cosmetic changes. Kaboxer provides Docker containers for running applications that no longer work on newer OS releases or that need isolation. Kali-Tweaks is a tool that makes it easy for users to configure their OS. Users can