Blog / Engineering / Detecting XLL files used for dropping FIN7 JSSLoader with Wazuh
...Image: C:\Users\chris\AppData\Local\Temp\DNAxxx.tmp
CommandLine: C:\Users\chris\AppData\Local\Temp\DNAxxx.tmp
CurrentDirectory: C:\Users\chris\Documents\
User: DESKTOP-PQKPK46\chris
LogonGuid: {ef5984a4-0f92-624c-8023-030000000000}
LogonId: 0x32380
TerminalSessionId: 1
IntegrityLevel: Medium
Hashes: SHA1=CE2AA4C6A7A2235C3C9F7233933DD7CD9DD44D09,MD5=22616070ACE3C7377135EBC3B97964C5,SHA256=45FA7A26A0DBA954080147CAAB78453E7935DC4916418150A37F09B2BA263B41,IMPHASH=00000000000000000000000000000000
ParentProcessGuid: {ef5984a4-2de5-624c-1402-000000000700}
ParentProcessId: 6820
ParentImage: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
The use of the...
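The Sysmon process-creation excerpt above shows the pattern the post detects: EXCEL.EXE as parent, and a child image executed out of the user's AppData\Local\Temp folder. The following is an added example, not code from the Wazuh post or from the Wazuh project. It parses the flattened "Field: value" form of such an event and applies the same parent/path condition a Wazuh rule would express; the field list, the Office parent set and the sample events are constructed for the example.

```python
"""Added example: flag executables spawned by Office binaries from %LOCALAPPDATA%\\Temp.

Mirrors the condition behind the XLL/JSSLoader detection described above
(parent is EXCEL.EXE, child image lives under AppData\\Local\\Temp).
Not Wazuh code; the field list and sample events below are constructed.
"""
import re

# Office host processes we treat as suspicious parents (assumption for this example).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Matches the per-user temp directory anywhere in an image path.
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

# Sysmon Event ID 1 field names as they appear in the flattened one-line form.
FIELDS = [
    "Image", "CommandLine", "CurrentDirectory", "User", "LogonGuid", "LogonId",
    "TerminalSessionId", "IntegrityLevel", "Hashes", "ParentProcessGuid",
    "ParentProcessId", "ParentImage", "ParentCommandLine",
]
# \b prevents "Image" from matching inside "ParentImage"; the capture group makes
# re.split() return the field names alongside their values.
FIELD_RE = re.compile(r"\b(" + "|".join(FIELDS) + r"): ")


def parse_sysmon_line(line: str) -> dict:
    """Split 'Image: ... CommandLine: ...' into a dict. Values may contain spaces and colons."""
    parts = FIELD_RE.split(line)
    # parts[0] is whatever precedes the first field (e.g. a leading "...").
    return {key: value.strip() for key, value in zip(parts[1::2], parts[2::2])}


def is_office_temp_drop(event: dict) -> bool:
    """True when an Office process launched an image from the user's Temp folder."""
    parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    image = event.get("Image", "")
    return parent in OFFICE_PARENTS and bool(TEMP_RE.search(image))


def find_suspicious(lines) -> list:
    """Return the child image path of every event matching the detection."""
    hits = []
    for line in lines:
        event = parse_sysmon_line(line)
        if is_office_temp_drop(event):
            hits.append(event["Image"])
    return hits


# Constructed sample events (not real telemetry). The first mirrors the excerpt above.
SAMPLE_EVENTS = [
    r"Image: C:\Users\alice\AppData\Local\Temp\DNAxxx.tmp "
    r"CommandLine: C:\Users\alice\AppData\Local\Temp\DNAxxx.tmp "
    r"CurrentDirectory: C:\Users\alice\Documents\ User: DESKTOP-TEST\alice "
    r"IntegrityLevel: Medium ParentProcessId: 6820 "
    r"ParentImage: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
    # Benign: Excel launching a system binary, not from Temp.
    r"Image: C:\Windows\System32\calc.exe CommandLine: calc.exe "
    r"CurrentDirectory: C:\Users\alice\ User: DESKTOP-TEST\alice "
    r"IntegrityLevel: Medium ParentProcessId: 6820 "
    r"ParentImage: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
    # Benign: an installer in Temp, but launched by Explorer rather than Office.
    r"Image: C:\Users\alice\AppData\Local\Temp\setup.exe CommandLine: setup.exe "
    r"CurrentDirectory: C:\Users\alice\Downloads\ User: DESKTOP-TEST\alice "
    r"IntegrityLevel: High ParentProcessId: 4000 "
    r"ParentImage: C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print("Office process launched image from Temp:", hit)
```

Only the first event fires: the second has an Office parent but a System32 child, the third runs from Temp but under explorer.exe. In a real deployment the same two conditions would be written as a Wazuh rule over the decoded Sysmon fields rather than re-parsed in Python.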
Blog / Engineering / Detecting known bad actors with Wazuh and AbuseIPDB
AbuseIPDB is a project that helps systems administrators, webmasters, and security analysts check and report IP addresses involved in various categories of malicious attacks. It provides an API to check and...
Blog / Engineering / Deploying Wazuh agents to Windows endpoints with PDQ Deploy
Wazuh is an open source security solution that can be used for security data collection, threat detection, file integrity monitoring, endpoint protection, incident response, and compliance. The Wazuh agent is...
Blog / Engineering / Detecting and responding to malicious files using CDB lists and active response
Malicious files can serve as indicators of compromise (IOCs) on endpoints where they are observed to be present. These files may end up on endpoints through various attack vectors. As...
Blog / Engineering / Detecting Cobalt Strike beacons using Wazuh
Cobalt Strike is a red team command and control framework used for adversary emulation. Due to its functionality and flexibility, it has been widely adopted by both red teams and...
Blog / Engineering / Using Wazuh rootcheck to detect Reptile rootkit
Rootkits (MITRE ATT&CK T1014) are malicious software with the functionality to hide files, network connections, processes, and other system artifacts. They may reside in user mode, kernel mode, or in the...
Blog / Engineering / How to perform WordPress security assessment with Wazuh
Default configurations and security misconfigurations are commonly found in installed software and applications. A default configuration refers to the prebuilt standard configuration that ships with an application. Using the default...
Blog / News / Wazuh and NetByte Forge Strategic Partnership to Enhance Cybersecurity Solutions
...aims to provide comprehensive cybersecurity solutions tailored to the unique needs of businesses across various industries. Chris McWhorter, Founder & CEO of NetByte, expressed his enthusiasm about the partnership, stating,...