Detecting Windows persistence techniques with Wazuh
Persistence techniques refer to methods attackers or malicious software use to maintain access to a compromised endpoint even after reboots, logouts, or other interruptions. These techniques...
Persistence techniques refer to methods attackers or malicious software use to maintain access to a compromised endpoint even after reboots, logouts, or other interruptions. These techniques...
Medusa is a ransomware-as-a-service (RaaS) variant, first observed in June 2021. Its operators and affiliates have impacted over 300 organizations across multiple sectors, including healthcare, education, legal, insurance, technology, and manufacturing. The ransomware is primarily delivered through phishing campaigns and the exploitation of unpatched software vulnerabilities.
Read moreMedusa is a ransomware-as-a-service (RaaS) variant, first observed in June 2021. Its operators and affiliates have impacted over 300 organizations across multiple sectors, including healthcare, education, legal, insurance, technology, and manufacturing. The ransomware is primarily delivered through phishing campaigns and the exploitation of unpatched software vulnerabilities.
Read moreSupervisory Control and Data Acquisition (SCADA) systems are essential for monitoring and controlling industrial processes. Rapid SCADA is an open source SCADA platform used for data acquisition, automation, and remote control in industrial and critical infrastructure systems. It can be deployed on Windows or Linux endpoints, making it a flexible solution for different environments. Like […]
Read moreSupervisory Control and Data Acquisition (SCADA) systems are essential for monitoring and controlling industrial processes. Rapid SCADA is an open source SCADA platform used for data acquisition, automation, and remote control in industrial and critical infrastructure systems. It can be deployed on Windows or Linux endpoints, making it a flexible solution for different environments. Like […]
Read moreImpacket is a collection of Python-based scripts designed for manipulating network protocols and exploiting Windows services. It contains several tools for remote service execution, Kerberos manipulation, Windows credential dumping, packet sniffing, and relay attacks. Although Red teamers use Impacket for authorized testing, threat actors frequently misuse it for lateral movement, privilege escalation, and data exfiltration […]
Read moreImpacket is a collection of Python-based scripts designed for manipulating network protocols and exploiting Windows services. It contains several tools for remote service execution, Kerberos manipulation, Windows credential dumping, packet sniffing, and relay attacks. Although Red teamers use Impacket for authorized testing, threat actors frequently misuse it for lateral movement, privilege escalation, and data exfiltration […]
Read moreThe Sosano backdoor emerged in late 2024 as a stealthy malware strain. It was used in a highly targeted campaign against organizations in critical sectors, including aviation, satellite communications, and transportation infrastructure. What sets the Sosano backdoor apart is its use of polyglot files – a rare and sophisticated technique that allows malware to masquerade […]
Read moreThe Sosano backdoor emerged in late 2024 as a stealthy malware strain. It was used in a highly targeted campaign against organizations in critical sectors, including aviation, satellite communications, and transportation infrastructure. What sets the Sosano backdoor apart is its use of polyglot files – a rare and sophisticated technique that allows malware to masquerade […]
Read moreCloud native security involves the practices and tools used to protect applications and infrastructures built in cloud-native technologies like microservices, containers, and orchestrators. Continuous monitoring and real-time threat detection are required to identify and mitigate unauthorized activities within cloud-native environments. By observing system behavior at runtime, security tools can detect security violations and respond to […]
Read moreCloud native security involves the practices and tools used to protect applications and infrastructures built in cloud-native technologies like microservices, containers, and orchestrators. Continuous monitoring and real-time threat detection are required to identify and mitigate unauthorized activities within cloud-native environments. By observing system behavior at runtime, security tools can detect security violations and respond to […]
Read moreSan Jose, California, March 2025 – Wazuh, the leading provider of open-source Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) solutions, has partnered with Unifique, a telecommunications and IT services provider in Brazil. Founded in 1997, Unifique serves more than 776,000 customers across over 350 cities in southern Brazil. In addition […]
Read moreSan Jose, California, March 2025 – Wazuh, the leading provider of open-source Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) solutions, has partnered with Unifique, a telecommunications and IT services provider in Brazil. Founded in 1997, Unifique serves more than 776,000 customers across over 350 cities in southern Brazil. In addition […]
Read moreDetecting data exfiltration is an important aspect of maintaining cybersecurity, especially when attackers leverage native system tools to evade detection. This technique, known as Living Off the Land (LOTL), involves the misuse of legitimate utilities in the operating system, making malicious activities blend with normal operations. Advanced Persistent Threat (APT) groups commonly use LOTL techniques, […]
Read moreDetecting data exfiltration is an important aspect of maintaining cybersecurity, especially when attackers leverage native system tools to evade detection. This technique, known as Living Off the Land (LOTL), involves the misuse of legitimate utilities in the operating system, making malicious activities blend with normal operations. Advanced Persistent Threat (APT) groups commonly use LOTL techniques, […]
Read morePeaklight malware is an information stealer designed to collect sensitive data from compromised endpoints. It is frequently distributed through underground channels and, in some cases, offered as a Malware-as-a-Service (MaaS). Its flexible structure and frequent updates make it a continuously evolving and potent threat, capable of bypassing conventional security measures. Peaklight leverages multiple anti-analysis mechanisms […]
Read morePeaklight malware is an information stealer designed to collect sensitive data from compromised endpoints. It is frequently distributed through underground channels and, in some cases, offered as a Malware-as-a-Service (MaaS). Its flexible structure and frequent updates make it a continuously evolving and potent threat, capable of bypassing conventional security measures. Peaklight leverages multiple anti-analysis mechanisms […]
Read moreMaintaining the security of containerized environments is an important part of modern IT infrastructure. Vulnerabilities in container images and runtime environments expose organizations to significant risks, which makes proactive vulnerability scanning an essential practice. Trivy is an open source vulnerability scanner designed for containers, filesystems, and software dependencies. It supports a range of targets including […]
Read moreMaintaining the security of containerized environments is an important part of modern IT infrastructure. Vulnerabilities in container images and runtime environments expose organizations to significant risks, which makes proactive vulnerability scanning an essential practice. Trivy is an open source vulnerability scanner designed for containers, filesystems, and software dependencies. It supports a range of targets including […]
Read moreLynx ransomware is a sophisticated malware threat that has been active since mid-2024, with over 20 victims across various industries. It primarily targets Windows operating systems, encrypting files using the Advanced Encryption Standard (AES) with a 128-bit key in CTR mode, and employs double extortion, threatening to leak stolen data. Operated by the Lynx ransomware […]
Read moreLynx ransomware is a sophisticated malware threat that has been active since mid-2024, with over 20 victims across various industries. It primarily targets Windows operating systems, encrypting files using the Advanced Encryption Standard (AES) with a 128-bit key in CTR mode, and employs double extortion, threatening to leak stolen data. Operated by the Lynx ransomware […]
Read moreWe are excited to announce the release of Wazuh 4.11.0. This release introduces a modified vulnerability detection process for CVE Numbering Authority (CNA) and updates to the Wazuh AMI and OVA base operating system. It also introduces an enhanced Wazuh Syscollector module for more accurate system inventory reports. Additionally, this release includes enhancements to FIM […]
Read moreWe are excited to announce the release of Wazuh 4.11.0. This release introduces a modified vulnerability detection process for CVE Numbering Authority (CNA) and updates to the Wazuh AMI and OVA base operating system. It also introduces an enhanced Wazuh Syscollector module for more accurate system inventory reports. Additionally, this release includes enhancements to FIM […]
Read moreSan Jose, California, February 2025 – Wazuh, the leading provider of open-source Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) solutions, has partnered with Citaf Tech, a cybersecurity firm specializing in information security services. This collaboration strengthens Citaf Tech’s ability to provide Small and Medium Businesses with advanced threat detection and […]
Read moreSan Jose, California, February 2025 – Wazuh, the leading provider of open-source Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) solutions, has partnered with Citaf Tech, a cybersecurity firm specializing in information security services. This collaboration strengthens Citaf Tech’s ability to provide Small and Medium Businesses with advanced threat detection and […]
Read moreOrganizations face challenges connecting Cyber Threat Intelligence (CTI) and Digital Forensics and Incident Response (DFIR) efforts. Effective collaboration between these domains is necessary for addressing threats proactively and efficiently. Yeti (Your Everyday Threat Intelligence) is an open source Forensics Intelligence platform that helps bridge the gap between CTI and DFIR efforts. It provides DFIR teams […]
Read moreOrganizations face challenges connecting Cyber Threat Intelligence (CTI) and Digital Forensics and Incident Response (DFIR) efforts. Effective collaboration between these domains is necessary for addressing threats proactively and efficiently. Yeti (Your Everyday Threat Intelligence) is an open source Forensics Intelligence platform that helps bridge the gap between CTI and DFIR efforts. It provides DFIR teams […]
Read more