I was recently working on a Lockbit ransomware incident and I was able to recover the data from encrypted VMDK and VHDX files.
SIEM 103 — Detect Windows bruteforce part 2
This post is a follow up of the post “SIEM 102 — Detect Windows bruteforce” where I explained how to create a detection Use Case to detect a Windows bruteforce.
In this post I will explain how we can enhance the original detection logic by having a lower False Positive rate.
Why the SolarWinds hack matters
Maybe you saw the news on the SolarWinds hack. If you didn’t, you should follow me on Twitter: https://twitter.com/TristanDostaler
In this post I want to explain, in a way understandable by everyone, why this hack matters.
SIEM 202 — Detecting remote PsExec
In this post I’ll explain how to detect an attacker that uses PsExec to connect to your computer when you don’t have visibility over the attacker’s computer.