LimeRAT detection and response with Wazuh
LimeRAT is an open source malicious remote access trojan (RAT) that is designed to provide attackers with control over an infected system. It is a powerful and versatile RAT that targets Windows operating systems. LimeRAT can operate as ransomware, a cryptocurrency miner, an information stealer, a keystroke logger, and a computer worm. The malware is […]
Meduza Stealer detection and mitigation with Wazuh
Meduza Stealer is malware designed solely for comprehensive data theft. It is a powerful stealer that targets Windows operating systems. It steals system information and a wide range of browser-related information, including sensitive login credentials, browsing history, saved bookmarks, crypto wallet extensions, password managers, and 2FA (two-factor authentication) extensions. Once stolen […]
How to detect and mitigate Panchan botnet using Wazuh
Panchan is a new botnet written in Golang. It leverages built-in Golang goroutine features for flexibility in malware infection and execution on Linux distributions. It infects Linux endpoints on a network by performing dictionary attacks against SSH credentials. The Panchan botnet also spreads across a network and maintains persistence upon gaining access. In this […]
Detect Lightning Framework malware using Wazuh
In this blog post, we identify Indicators of Compromise (IoC) for the Lightning Framework and detect the activity of the malware using Wazuh.
OpenSSL 3.0 vulnerability audit using Wazuh
OpenSSL is a popular open source cryptography library. Applications that secure communication over computer networks use OpenSSL to implement SSL (Secure Sockets Layer) and TLS (Transport Layer Security). OpenSSL also provides utility functions, such as generating public and private keys used to initiate secure communications.
Monitoring Linux resource usage with Wazuh
In this blog post, we describe how to use Wazuh to monitor Linux system resource usage and, in turn, maintain security.
Nmap and ChatGPT security auditing with Wazuh
Nmap (network mapper) is an open source security scanner used for network exploration and security auditing. It identifies endpoints and services within a network and provides a comprehensive network map. Nmap is commonly referred to as the Swiss army knife of networking because of its many capabilities for gathering information from endpoints […]