I was recently working on a Lockbit ransomware incident and I was able to recover the data from encrypted VMDK and VHDX files.
This post is a follow up of the post “SIEM 102 — Detect Windows bruteforce” where I explained how to create a detection Use Case to detect a Windows bruteforce.
In this post I will explain how we can enhance the original detection logic by having a lower False Positive rate.
Maybe you saw the news on the SolarWinds hack. If you didn’t, you should follow me on Twitter: https://twitter.com/TristanDostaler
In this post I want to explain, in a way understandable by everyone, why this hack matters.
In this post I’ll explain how to detect an attacker that uses PsExec to connect to your computer when you don’t have visibility over the attacker’s computer.