Devel Group, S.A. and Wazuh sign a partnership agreement

by Wazuh

/ News

San Jose, California, June 2022. We are pleased to announce that Wazuh has signed a partnership agreement with Devel Group, S.A. This is a corporation dedicated to providing IT security solutions for Central America and the Caribbean. With offices in...


Detecting Cobalt Strike beacons using Wazuh

by Chris Bassey

/ Engineering

Cobalt Strike is a red team command and control framework used for adversary emulation. Due to its functionality and flexibility, it has been widely adopted by both red teams and threat actors. Multiple threat actors such as APT29, APT32, APT...


Monitoring commonly abused Windows utilities

by Francis Timilehin Jeremiah

/ Engineering

It is commonly known that malware abuses native Windows utilities to achieve the attacker’s nefarious goals. For example, a native utility like Vssadmin can be abused by ransomware to inhibit system recovery (T1490) of a Windows endpoint. This blog post...


Monitoring Windows task scheduler to detect attack persistence

by Awwal Ishiaku

/ Engineering

The Windows task scheduler is a tool in the Windows operating system that launches programs and executes predefined scripts at scheduled times or after specified time intervals. While Windows Task Scheduler is not malicious, adversaries can abuse this utility to...


Detecting XLL files used for dropping FIN7 JSSLoader with Wazuh

by Chris Bassey

/ Engineering

JSSLoader is a remote access trojan by the Russian FIN7 hacking group. There has been an increase in the number of JSSLoader infections this year. These infections have been utilizing Microsoft Excel add-in files (XLL files) to drop the JSSLoader...


Detecting Pandora Ransomware with Wazuh

by Openime Oniagbi

/ Engineering

Pandora Ransomware gained notoriety in March 2022 when DENSO, a well-known giant in the automotive industry, was compromised. After this, several malware researchers analyzed Pandora samples and agree that it is a variant of Rook ransomware, a well-known malware that...


Meet us at BSides San Francisco 2022

by Santiago Bassett

/ News

We are happy to announce that we will be sponsoring BSides San Francisco 2022, a two-day event taking place on June 4th-5th this year. This is the third time we get to sponsor a BSides event, being the first...

