When you investigate a malicious site opening or malicious file download, oftentimes you want to find out how your user got there. Checking the referrer information in proxy logs is one of the most trivial things to do if you want to identify the root cause, the initial site. Unfortunately, there …

I have recently started to make some basic research with osquery. I investigated some malware infections in the past and I decided that I’m going to take a look at them with osquery as well. I was curious how much data I can retrieve with osquery and how much I will benefit from its usage. I …

Recently, a friend of mine has asked for my help in an investigation. In his SIEM system, he saw that a machine generated some DNS sinkhole events, but he couldn’t find the originally requested DNS by the host. The events were generated because the machine tried to resolve a DNS hostname which …