Blog / Engineering / Detecting XZ Utils vulnerability (CVE-2024-3094) with Wazuh
XZ Utils is a widely used suite of command-line tools for lossless data compression on virtually all Unix-like operating systems, including Linux. Among its prominent components are xz and lzma,...
Detecting and removing WhisperGate malware
WhisperGate is a destructive file-wiper malware that is being used in a campaign targeting Ukrainian organizations. The malware targets Windows devices, corrupts the Master Boot Record (MBR), and the hard...
Detecting PsExec usage with Wazuh
Introduction PsExec is part of PsTools, the Sysinternals suite of command-line tools. It facilitates system administration and can execute processes on local and remote systems. While PsExec is not malicious,...
Adversary emulation with CALDERA and Wazuh
Introduction Adversary emulation plays an important role in identifying the Tactics, Techniques, and Procedures (TTP) used by threat actors. CALDERA™ is a cybersecurity framework developed by MITRE, which allows cyber...
Emulation of ATT&CK techniques and detection with Wazuh
Introduction Attack emulation plays an important role in identifying the Tactics, Techniques, and Procedures (TTP) used by adversaries. Projects like Atomic Red Team (ART) can help automate the emulation while...