Blog / Engineering / How to perform WordPress security assessment with Wazuh
Default configurations and security misconfigurations are commonly found in installed software and applications. A default configuration refers to the prebuilt standard configuration that ships with an application. Using the default...
Using Wazuh rootcheck to detect Reptile rootkit
Rootkits (MITRE T1014) are malicious software with the functionality to hide files, network connections, processes, and other system artifacts. They may reside in user mode, kernel mode, or in the...
Detecting Cobalt Strike beacons using Wazuh
Cobalt Strike is a red team command and control framework used for adversary emulation. Due to its functionality and flexibility, it has been widely adopted by both red teams and...
Detecting XLL files used for dropping FIN7 JSSLoader with Wazuh
JSSLoader is a remote access trojan used by the Russian FIN7 hacking group. There has been an increase in the number of JSSLoader infections this year. These infections have been utilizing...
Detecting and responding to malicious files using CDB lists and active response
Malicious files can serve as indicators of compromise (IOC) on endpoints where they are observed to be present. These files may end up on endpoints through various attack vectors. As...
Deploying Wazuh agents to Windows endpoints with PDQ Deploy
Wazuh is an open source security solution that can be used for security data collection, threat detection, file integrity monitoring, endpoint protection, incident response, and compliance. The Wazuh agent is...
Detecting known bad actors with Wazuh and AbuseIPDB
AbuseIPDB is a project that helps system administrators, webmasters, and security analysts check and report IP addresses involved in various categories of malicious attacks. It provides an API to check and...