Summary The previous post Monitoring for Windows Event Logs and the Untold Story of proper ELK Integration, explained how to leverage monitoring of Windows Event Log through Elasticsearch while using Kibana Winlogbeat and Logstash. The blog post also provided a list of Windows Event Log records (based on their functionality and […]
Read MoreMonitoring for Windows Event Logs and the Untold Story of proper ELK Integration
Summary I have been searching online for some time now for any information about the proper method for monitoring Windows Event Log records via Elasticsearch. Nonetheless, there are several blogs that explain how to accomplish this process including some documentation from the Elastic team. However, each one provides a small […]
Read MoreTechnical Analysis of the Malspam Pushing Kovter Payload & Nemucode Ransomware – Part II
Summary The analysis in part II is the ongoing analysis from part I blog post. If you haven’t had a chance the read through part I, I would highly encourage you to do so before going through part II. Going through part I first will give you the information that you need to […]
Read MoreTechnical Analysis of the Malspam Pushing Kovter Payload & Nemucode Ransomware – Part I
Summary On July 3, 2017, Myonlinesecurity (Twitter @dvk01uk) reported a new spam campaign targeting organizations around the world with a new Nemucod ransomware and a Kovter payload. The victims that were targeted in this campaign received a phishing email from “UPS Parcel” service. The email also included a ZIP file attachment and the […]
Read MoreDiscovering Process Hollowing Injection in Memory – DarkComet Use Case
Summary DarkComet Remote Administration/Access Tool (RAT) is an application that provides remote access and administration to remote systems. Typically, the creators of this RAT can determine its capabilities during the creation process. However, some of the common DarkComet capabilities include (and are not limited to) keylogging of system and keyboard […]
Read More