detection

Ingestion delay variance issues with Bins and Buckets
Ingestion delay variance …

I’m pretty sure you’ve already dealt with the ingestion delay issue if you use a SIEM with scheduled rules. There are numerous articles on the internet that explain how to handle ingestion latency without missing any events and without having your rules double-process a log. While these …

Oct 31, 2022 Read
Near-Real-Time rule restrictions
Near-Real-Time rule …

Near-Real-Time (NRT) rule is a pretty new addition to Microsoft Sentinel. There are already blog posts out there detailing the functionality of this rule type and explaining in which scenarios it can be useful. There is some information on Microsoft’s site though that left some people …

Jan 24, 2022 Read
HoneyDoc with Azure and Remote Template Injection
HoneyDoc with Azure and …

This post is to show you a practical implementation of a prototype honeytoken which is based on Remote Template Injection and Azure Function App. There are lots of honeytoken solutions on the market. You can find free options as well as expensive commercial services out there. A lot of them also …

Jan 9, 2022 Read
Ways of phishing 2 - HTML smuggling
Ways of phishing 2 - HTML …

As a sequel of my previous post, I’m going to talk a little bit about another technique used in phishing that I encountered recently. This technique is HTML smuggling. This method is not new, but it definitely appears in more and more attacks, including phishing scenarios. This is why it is so …

Apr 11, 2021 Read
Ways of phishing 1 - Remote Template Injection
Ways of phishing 1 - …

Phishing is one of the most used initial access techniques. This is the reason why most of the companies have an adequate solution to mitigate the threat of these e-mails. But this is a constant cat-and-mouse game. As defenders produce clever mitigations, attackers introduce newer yet unseen methods …

Mar 16, 2021 Read
Prompt response to ransomwares
Prompt response to …

Automation is one of the key elements of a modern Security Operation Center. In a traditional SOC without any automation, analysts have to spend a lot of time on tedious and repetitive tasks. This is really inefficient in multiple ways. The analysts can’t use their skills, they must do something …

Sep 13, 2020 Read
Hunters after ransomwares
Hunters after ransomwares

Ransomware is one of the biggest buzzwords nowadays in security. Vendors are advertising their security products by telling it can stop ransomwares, but also on the other side of the field, ransomwares, ransomware kits or services are selling pretty well. Over the last year, one could read an …

Jul 13, 2020 Read