Blog / Engineering / Blackbit ransomware detection with Wazuh
Blackbit ransomware is a variant of the LokiLocker ransomware. It utilizes sophisticated techniques to encrypt and obstruct data recovery. The ransomware is built on the Ransomware-as-a-service (RaaS) model. RaaS is...
Blog / Engineering / CrossLock ransomware detection with Wazuh
CrossLock ransomware is a recent strain of ransomware developed using the Go programming language, making it harder to reverse engineer. The ransomware is capable of infecting several platforms, including Windows...
Blog / Engineering / Monitoring SFX archives with Wazuh
Our new blog post shows how to detect SFX archives exhibiting suspicious behavior with Wazuh.
Blog / Engineering / How to detect Active Directory attacks with Wazuh [Part 2 of 2]
In this blog post, we continue showing how Wazuh can detect some common Active Directory attacks using Windows security logs.
Blog / Engineering / How to detect Active Directory attacks with Wazuh [Part 1 of 2]
This blog shows how Wazuh can detect some common Active Directory attacks using Windows security logs and events captured on Sysmon.
Blog / Engineering / Detecting Lockbit 3.0 ransomware with Wazuh
Lockbit ransomware uses a broad range of techniques to target organizations worldwide. Check our new blog post to learn how to detect Lockbit 3.0 ransomware with Wazuh.