Threat Hunting with Jupyter Notebooks To Detect Advanced Threats: Part 2 – Setting up Custom Queries and an Example Host Investigation Notebook

Welcome to part 2 of the threat hunting with Jupyter Notebooks series. If you followed part 1, you should be set up and able to query MDE in a Jupyter notebook using msticpy. Now let's do the exciting part: let's build some custom queries and use them to investigate a host for suspicious activity and put […]

Stopping Blue Teams From Obtaining Payloads Via Browser Based Virtualisation Detection and HTML Smuggling

Introduction. Red teams and malicious actors will likely have faced the challenge of not only getting a user to click on a phishing link to deliver a payload, but also ensuring that this stays undetected by blue teams. They will likely need to bypass proxy file-type-based detections, combined with socially engineering the user […]

Using a database of 100 million+ breached passwords to secure a Linux server/Endpoint for an SME

With the NCSC's newly recommended best practices, which include maintaining a banned password list, and Microsoft recommending (and even implementing) the same for any users subscribed to Azure Active Directory, it is clear how important a banned password list can be to an organisation. See more about Microsoft's new recommendations here and their […]
