
RSS Infosec Topics

  • SYSMON – ELK Integration and Monitoring APT34 Tools
    Summary The previous post, Monitoring for Windows Event Logs and the Untold Story of proper ELK Integration, explained how to leverage monitoring of Windows Event Log through Elasticsearch while using Kibana, Winlogbeat and Logstash. The blog post also provided a list of Windows Event Log records (based on their functionality and […]
  • Monitoring for Windows Event Logs and the Untold Story of proper ELK Integration
    Summary I have been searching online for some time now for any information about the proper method for monitoring Windows Event Log records via Elasticsearch. Nonetheless, there are several blogs that explain how to accomplish this process including some documentation from the Elastic team. However, each one provides a small […]
  • Technical Analysis of the Malspam Pushing Kovter Payload & Nemucode Ransomware – Part II
    Summary The analysis in part II is the ongoing analysis from the part I blog post. If you haven’t had a chance to read through part I, I would highly encourage you to do so before going through part II. Going through part I first will give you the information that you need to […]
  • Technical Analysis of the Malspam Pushing Kovter Payload & Nemucode Ransomware – Part I
    Summary On July 3, 2017, Myonlinesecurity (Twitter @dvk01uk) reported a new spam campaign targeting organizations around the world with a new Nemucod ransomware and a Kovter payload. The victims that were targeted in this campaign received a phishing email from “UPS Parcel” service. The email also included a ZIP file attachment and the […]
  • Discovering Process Hollowing Injection in Memory – DarkComet Use Case
    Summary DarkComet Remote Administration/Access Tool (RAT) is an application that provides remote access and administration to remote systems. Typically, the creators of this RAT can determine its capabilities during the creation process. However, some of the common DarkComet capabilities include (and are not limited to) keylogging of system and keyboard […]

About Me

Masters-trained, bilingual cybersecurity expert with special focus on digital forensics, incident response, and Advanced Persistent Threats…

Copyright © 2019 Infosec Topics