Hunting The Empire

  The Empire tool is one of the post-exploitation frameworks with an HTTP module; attackers can use it for various malicious […]

Event Categories and Recommended UseCase (Part two)

This post is part two of Event Categories and Recommended UseCase; you can see part one here: The guidelines provided […]

Splunk Configuration file precedence

How does Splunk prioritize and merge the configuration files? When editing configuration files, it is important to understand how Splunk […]

Malware Playbook

Incident-specific playbooks provide incident managers and stakeholders with a consistent approach to follow when remediating a cyber incident. Playbooks describe […]

Splunk Queries for Detecting Anomalous URIs in Web Traffic

Prior to having a presence on the network, attackers are unlikely to be able to disguise web shell traffic as […]

Event Categories and Recommended UseCase (Part 1)

The guidelines provided in this article help SOC professionals understand and respond to security monitoring requirements in a more […]

Understanding Cyber Threat Intelligence

Understanding Intelligence. Intelligence is the processed and classified information that is interpreted by expert analysts. It is extracted from all […]

Sentinel-Attack

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK. Sentinel ATT&CK aims […]