As we mentioned in the previous sessions, IoCs are crucial important for a proactive threat hunting process. Threat hunters should know most of the information of newly threats and implement them to their hunting processes. Pyramid of Pain classifies IoCs and helps us understand better the usefulness of them. TheContinue Reading
Redline is a free tool for investigation malicious activity through memory and file analysis. It has a lot of features for investigation but in this post, we will only mention searching for IoCs in the endpoint with Redline. In previous post, we created an IoC to detect WinSCP.exe. Now, weContinue Reading
In “Open Threat Exchange” post we mentioned that shared IoCs by other parties on Open Threat Exchange. Open IoCs are nice since they are manufacturer independent and can be used in a lot of different technologies for detecting threats. Viewing Existing IoCs In this post, we will mention on MandiantContinue Reading
An effective threat hunting is critical because it is hard to think like attackers and to search for the unknown in an enterprise network. This post may help organizations for an effective and successful threat hunting. Knowledge of Topology and Environment The purpose of threat hunting is to find theContinue Reading
Although Threat Hunting is nothing new, it is a very hot topic lately. Even if you have perimeter and endpoint security devices and SIEM for collecting and correlating logs from them, it is not a good way to wait for incidents coming. Without Threat Hunting, dwell time is increasing moreContinue Reading
As organizations, and security teams, we purchased many security devices for providing both network and endpoint security. However, attacks continue at the same pace, even we faced bigger attacks last year, and they are getting more sophisticated. So, what is the next step for organizations? NDR market guide was sharedContinue Reading
Unfortunately, ransomware problem is growing every day, although a lot of cases we hear and tens of articles and webinars are published about it. In this post, I try to explain the Protection processes against ransomware. Then, with more posts, I will try to explain every steps deeper. If youContinue Reading
Do you want your partners trust you directly? Well, do you trust your third party partners directly? When adversaries are in, they always check different ways to reach more places. So, if one of your trusted third party connection got hacked, it means that there is just a short timeContinue Reading
SmartVision is the lateral movement detection module of the network security product (NX) of FireEye. There are too many documents and descriptions about it on FireEye’s website, so I will not touch on it here. I just want to explain what SC Killswitch is in the SmartVision configuration, since thereContinue Reading