
Threat hunting is a popular topic these days, and there are a lot of people who want to get started but don’t know how. What should they hunt for? How should they perform the hunts? What data will they need to collect? Source: The ThreatHunting Project @ June 17, 2016…


Over the years we’ve seen practically exponential growth in the underground economy. Criminals are organizing their efforts online on a scale we haven’t seen before. Source: Zero Day Auction for the Masses @ June 02, 2016 at 07:29AM


MITRE is well-known for its work in leading communities in the standardization of threat and vulnerability information. Source: ATT&CK Use Cases @ May 21, 2016 at 10:27AM


One of the Default Rules in AppLocker allows everyone to execute everything in the folder C:\Windows. The reasoning behind this must have been that a non-admin Windows user should not have write permissions anywhere in that folder. But as it turns out, that is not the case. Source: AppLocker Bypass Checker…


JSUNPACK: A Generic JavaScript Unpacker. CAUTION: jsunpack was designed for security researchers and computer professionals. Use NoScript, a limited user account and a virtual machine and be safe(r)! Source: A Generic JavaScript Unpacker @ May 19, 2016 at 10:13AM


You can use Windows security and system logs to record and store collected security events so that you can track key system and network activities to monitor potentially harmful behaviors and to mitigate those risks. You customize system log events by configuring auditing. Source: Security Audit Policy Reference @ May…


Group Policy Object and Group Policy template files for EMET 5.5 policies are included in the SHB. EMET is one way of enabling anti-exploitation features in Windows. Enabling anti-exploitation features is one of IAD’s Top 10 mitigation strategies. EMET 5.5 added official support for Windows 10. Source: iadgov/Secure-Host-Baseline @ May…


PowerShell Remoting is the recommended way to manage Windows systems. PowerShell Remoting is enabled by default in Windows Server 2012 R2. This document covers security concerns, recommendations, and best practices when using PowerShell Remoting. Source: PowerShell Remoting Security Considerations @ May 01, 2016 at 12:19PM
