Blog / Engineering / Detecting and removing WhisperGate malware
WhisperGate is a destructive file-wiper malware that is being used in a campaign targeting Ukrainian organizations. The malware targets Windows devices, corrupts the Master Boot Record (MBR), and the hard...
Blog / Engineering / Detecting PsExec usage with Wazuh
Introduction PsExec is part of PsTools, the Sysinternals suite of command-line tools. It facilitates system administration and can execute processes on local and remote systems. While PsExec is not malicious,...
Blog / Engineering / Adversary emulation with CALDERA and Wazuh
Introduction Adversary emulation plays an important role in identifying the Tactics, Techniques, and Procedures (TTP) used by threat actors. CALDERA™ is a cybersecurity framework developed by MITRE, which allows cyber...
Blog / Engineering / Emulation of ATT&CK techniques and detection with Wazuh
Introduction Attack emulation plays an important role in identifying the Tactics, Techniques, and Procedures (TTP) used by adversaries. Projects like Atomic Red Team (ART) can help automate the emulation while...