Yara

This entry is part 14 of 24 in the series Threat Detection Engineering

“The pattern matching swiss knife for malware researchers (and everyone else)”. Useful Yara Resources: Various GitHub repositories provide a wealth of examples of YARA: https://github.com/Yara-Rules/rules/tree/master/malware and https://github.com/mikesxrs/Open-Source-YARA-rules/tree/master. “The DFIR Report” shares YARA rules derived from their investigations: https://github.com/The-DFIR-Report/Yara-Rules. YARA in a nutshell: YARA is a tool aimed at (but not limited …

NIST Cybersecurity Framework (CSF) and ISO/IEC 27001

This entry is part 2 of 3 in the series Cyber Security Frameworks

NIST CSF Functions and Categories to ISO/IEC 27001 Annex A Controls: Identify (ID), Protect (PR), Detect (DE), Respond (RS), Recover (RC). NIST SP 800-53 to ISO/IEC 27001 Annex A Controls: Access Control (AC), Awareness and Training (AT), Audit and Accountability (AU), Security Assessment and Authorization (CA), Configuration …

Digital Operational Resilience Act (DORA)

This entry is part 3 of 3 in the series Cyber Security Frameworks

Understanding the Digital Operational Resilience Act (DORA): A Comprehensive Overview. In an era where digitalization permeates every aspect of our lives, the importance of cybersecurity and operational resilience has never been more critical. The European Union’s Digital Operational Resilience Act (DORA) stands as a landmark regulatory framework aimed at enhancing the digital operational resilience …

Code Obfuscation and Deobfuscation

This entry is part 13 of 17 in the series Incident Response and Forensics

Code Obfuscation is a technique used to make a script more difficult to read by humans but allows it to function the same from a technical point of view, though performance may be slower. This is usually achieved automatically by using an obfuscation tool, which takes code as an input, and attempts to re-write …

Incident Response

This entry is part 12 of 4 in the series Digital Forensics and Incident Response

Incident response, also known as incident handling, is a cyber security function that uses various methodologies, tools and techniques to detect and manage adversarial attacks while minimizing impact, recovery time and total operating costs. Addressing attacks requires containing malware infections, identifying and remediating vulnerabilities, as well as sourcing, managing, and deploying technical and non-technical …

Windows Event Logs

This entry is part 12 of 24 in the series Threat Detection Engineering

Understanding Windows Event Logs: Each entry in the Windows Event Log is an “Event” and contains the following primary components: Windows logon types and logon codes. Logs with event IDs 4624 and 4625 are generated every time there is a successful or failed logon on a local computer, respectively. In Windows, there are several …

Wireshark 101 | Packet Operations

This entry is part 9 of 17 in the series Incident Response and Forensics

Wireshark: Packet Operations. Statistics | Summary: This menu provides multiple statistics options ready to investigate to help users see the big picture in terms of the scope of the traffic, available protocols, endpoints and conversations, and some protocol-specific details like DHCP, DNS and HTTP/2. For a security analyst, it is crucial to know how to …