Mike (Rem)

Blue Teamer, Malware Analyst, OSS Security Enthusiast

Recent

Digging Tunnels - Hunting Adversarial Cloudflared Instances
·1998 words·10 mins
Ransomware affiliates have long abused Cloudflared tunnels to maintain persistent access to compromised environments. These tunnels can serve as a strong indicator of compromise when examined at scale.
The Big List of Malware Analysis Tools
·2517 words·12 mins
A continually evolving knowledgebase of things I’ve found pertinent as a threat and security operations analyst, specifically focusing on malware analysis.
Chainsaw Hunt & Rules
·3715 words·18 mins
Chainsaw’s hunt feature, along with Chainsaw’s rule engine, is an excellent way to hunt for evil at scale and create reusable, maintainable queries for rapid triage. We will apply this to both simulated red team engagements and real world compromises to detect lateral movement, Impacket, and even ASP.NET compromises.
Chainsaw Search
·2225 words·11 mins
A brief introduction to Chainsaw’s search feature and the document tagging engine, Tau, that WithSecure released in the most recent major Chainsaw update. We will discuss and demystify some of the nuances of Tau’s query behavior, and apply them to hands-on examples of simple queries that can be used to detect evil across numerous event logs with high fidelity.
Obfuscation: An Open-Source Nightmare
·1809 words·9 mins
Discussing obfuscation and its effect on the broader open-source supply chain.