How To Use Process Hacker to Find Intrusions During Incident Response and Threat Hunting Engagements

https://youtu.be/vtIe3uuABKU Unmasking Malware: Your In-Depth Guide to Process Hacker for Threat Hunting. In the ever-evolving […]
YARA Rules for Beginners: A Practical Guide to Threat Hunting

Master the basics of threat hunting with YARA. Our step-by-step tutorial walks you through writing your first YARA rules, from installation to using conditions and modifiers.
How to Write Yara Binary Pattern Matching Rules to Enhance Threat Hunting and Cybersecurity Ops

Level up your threat hunting skills! This guide teaches you how to write effective YARA binary rules to find malware by matching hex values, using wildcards, and mastering jumps.
How Hackers Hijack Applications Using Malicious DLLs: And How To Improve Cyber Defenses Against It

Unmask DLL load order hijacking, a stealthy attack technique used to take over trusted applications. Learn how it works and get expert tips to detect and defend against it.
How to Write Sysmon Rules: Getting Fancy(Bear) With Sysmon to Find APT Level Cyber Security Threats

Stop alert fatigue. Learn to create advanced Sysmon rules targeting Fancy Bear’s TTPs. Our step-by-step guide helps you build a high-fidelity detection system.
How to get started with Microsoft Sysinternals’ Sysmon advanced event logging

Level up your threat hunting with Sysmon. Our guide shows you how to install and configure this powerful tool to gain deep system visibility and detect advanced threats.
Threat Hunting for the Actor Behind CYBERCOM’s Recent Ukraine Report

Unlock proactive cybersecurity: Learn how to transform basic CYBERCOM IOCs into powerful behavioral threat hunting strategies by analyzing the TTPs of threat actors like InvisiMole and their associates.
Why/How to Threat Hunt With Windows Process Creation/Termination (Event ID 4688/4689) Logs

Unmask threats with Windows Event IDs 4688 & 4689. Learn to enable Process Creation & Termination logs for powerful cybersecurity threat hunting.
How to Threat Hunt for APT33/APT38/Lazarus/Dragonfly’s Malicious Scheduled Tasks

APT33/APT38/Lazarus/Dragonfly and many other hacking groups have used scheduled tasks for both persistence and privilege escalation. In this edition of #techtalktuesday we review the fundamentals behind scheduled tasks and discuss how you can include looking for scheduled tasks in your threat hunting efforts.
One Windows Event Log ID To Rule Them All: Why You Should Hunt With Event 4624

Today, we’re diving deep into what might just be the most valuable event ID for your threat hunting arsenal: Windows Event ID 4624.