In the realm of Windows security, special logon privileges play a crucial role in managing user permissions and maintaining system integrity. These privileges enable specific actions that can significantly impact the security posture of a system. In this blog post, we will explore various special logon privileges, their descriptions, and practical examples to illustrate their…
Read moreMITRE ATT&CK Top techniques & sub-techniques 2023
MITRE ATT&CK provides a framework for classifying attacker tactics, techniques, and procedures (TTPs). Each year, security researchers analyze real-world attacks to identify the most prevalent techniques and sub-techniques used by adversaries. By understanding these top techniques and sub-techniques, security professionals can prioritize their defenses and focus on the areas most likely to be targeted by…
Read moreDefending Against Mail Spoofing: Technical Solutions for Enhanced Email Security & Disabling SMTP Relaying
Introduction: In today’s digital landscape, mail spoofing poses a significant threat to individuals and organizations. It allows malicious actors to forge email headers, deceiving recipients into believing the messages are legitimate. To safeguard against such attacks, implementing technical solutions becomes crucial. In this article, we will explore several measures that can enhance your email security…
Read moreDetecting Webshells with Sysmon: A Technical Analysis
Introduction: Webshells are malicious scripts or programs that attackers deploy on web servers to gain unauthorized access and control. Detecting these webshells is crucial for maintaining the security of web applications and protecting sensitive data. In this article, we will explore how Sysmon, a powerful Windows system monitoring tool, can be utilized to detect and…
Read moreIncident report Sample for SOC
How to Write a Comprehensive Incident Report The details to be reported at the time of a breach are : Download Sample report :
Read moreHow to Use MITRE ATT&CK in SOC
Using MITRE ATT&CK in a Security Operations Center (SOC) can greatly enhance threat detection and response capabilities. Here are the steps to effectively utilize MITRE ATT&CK framework in a SOC How to use MITRE ATT&CK in action Step 1 : Find what you looking for 🔎 Step 2 : Learn about it 📖 Step 3…
Read moreMitigating Mimikatz Attacks
Mimikatz is a crucial tool for conducting internal penetration tests and red team engagements due to its ability to extract passwords from memory in clear-text. Unfortunately, even adversaries have recognized its effectiveness and are using it in their operations. Despite Microsoft’s introduction of a security patch that can be applied to older operating systems like…
Read moreRDP Event logs tracking 4624 / 4625
Event ID 4624 is generated in the Windows Security Log when a successful logon occurs on a local computer. This event is generated on the computer that was accessed, meaning that it is the computer where the logon session was created. A related event, Event ID 4625, is generated when a logon attempt fails. The following information…
Read more