Integrating Admin By Request (ABR) with Wazuh
Admin By Request (ABR) is a Privilege Access Management (PAM) tool designed for managing local administrator privileges. Granting permanent administrator rights can expose...
Defense evasion techniques are methods that threat actors use to conceal their presence, bypass security mechanisms, and operate undetected on compromised systems. By evading detection, adversaries can maintain persistence and continue malicious activity even during active monitoring or security scans. Common defense evasion methods include disabling or uninstalling security tools, tampering with event logs, obfuscating […]
San Jose, California, August 2025 – Wazuh, the leading provider of open-source Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) solutions, announced a strategic partnership with NETCB, an ICT solutions provider specializing in cybersecurity, compliance, and digital infrastructure. NETCB will leverage Wazuh for security event monitoring and the development of security […]
ServiceNow is a cloud-based platform for IT Service Management (ITSM) that helps organizations manage digital workflows for enterprise operations. It provides a centralized system for handling incidents, changes, and requests, enabling process automation, visibility across departments, and structured response procedures. Integrating ServiceNow with Wazuh combines Wazuh threat detection and response capabilities with ServiceNow incident management. […]
Measuring performance and operational efficiency of your XDR/SIEM ensures that it runs reliably, scales effectively, and delivers timely security insights. Monitoring metrics like resource usage, connection times, and log processing helps identify bottlenecks, optimize configurations, and prevent downtime. It also ensures that threat detection and intelligence coverage remain consistent, even under high workloads. The Wazuh […]
LodaRAT is a remote access trojan (RAT) known for stealing sensitive data, executing commands, and maintaining persistence on infected systems. Commonly spread via phishing and malicious documents, it now uses advanced tactics like process injection, encrypted C2, and data exfiltration through legitimate services. Recently, a new variant of LodaRAT emerged that can steal saved passwords […]
MariaDB is an open source database system that stores and manages structured data. It is often chosen for its reliability, speed, and compatibility with MySQL. Many websites, applications, and services use MariaDB to handle data securely and efficiently. Monitoring MariaDB provides real-time visibility into database activities, helping to detect suspicious behavior, prevent unauthorized access, and […]
San Jose, California, July 2025 – Wazuh, the leading provider of open source Extended Detection and Response (XDR) and Security Information and Event Management (SIEM) solutions, announces its partnership with TW Infosec, a cybersecurity firm with a strong presence across Asia, the Middle East, and beyond. Since 2010, TW Infosec has specialized in delivering precise […]
Dependency-Track is an open source platform that helps organizations identify and mitigate risks in their software supply chain. It achieves this by analyzing Software Bills of Materials (SBOMs), a detailed inventory of all software components, libraries, and modules that comprise an application. Dependency-Track can be integrated into CI/CD pipelines to analyze SBOMs generated […]
Auto-color is a stealthy Linux backdoor used in cyberattacks targeting government institutions and universities across North America and Asia. Attributed to an unknown threat actor, Auto-color is specifically designed for persistence and evasion, allowing it to remain undetected on infected systems for extended periods. The malware disguises itself as a harmless color-enhancement utility to avoid […]
Wazuh ruleset as code (RaC) introduces a DevOps-driven approach to consistently manage Wazuh threat detection and security monitoring rulesets. It allows security teams to use version control systems and CI/CD pipelines to automatically deploy Wazuh rules and decoders. This approach leverages the principles of infrastructure as code (IaC) to enable collaboration, change tracking, and rollback […]
San Jose, California, July 2025 – Wazuh, the leading provider of open-source Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) solutions, has partnered with Graybox Security, a trusted cybersecurity firm providing tailored 24/7 managed detection and response, testing, incident response, and advisory services to mid-to-large organizations, including S&P 500 companies and […]
ESET PROTECT Hub allows administrators to manage identities, licenses, and users across various ESET services from a single location. These services, including ESET PROTECT, ESET Inspect, and ESET Cloud Office Security, are designed to provide threat detection and endpoint protection solutions for businesses and individuals. Wazuh is an open source security platform designed for threat […]
Mamona is a lightweight ransomware strain that is widely available and primarily targets Windows endpoints. Unlike more sophisticated ransomware families, it operates entirely offline, encrypting files locally without any command-and-control (C2) communication or data exfiltration. This absence of network activity makes it harder to detect using network traffic analysis alone. Mamona ransomware uses custom encryption […]