By Dario Menten
Windows Performance Counters provide an in-depth and consistent interface for collecting different types of system data such as processor, memory, and disk usage statistics. Performance counters...
San Jose, California, June 2022. We are pleased to announce that Wazuh has signed a partnership agreement with Devel Group, S.A. This is a corporation dedicated to providing IT security solutions for Central America and the Caribbean. With offices in...
Read moreCobalt strike is a red team command and control framework used for adversary emulation. Due to its functionality and flexibility, it has been widely adopted by both red teams and threat actors. Multiple threat actors such as APT29, APT32, APT...
Read more
Detecting Cobalt Strike beacons using Wazuh
Cobalt strike is a red team command and control framework used for adversary emulation. Due to its functionality and flexibility, it has been widely adopted by both red teams and...
Read moreIt is commonly known that malware abuses native Windows utilities to achieve the attacker’s nefarious goals. For example, a native utility like Vssadmin can be abused by ransomware to inhibit system recovery (T1490) of a Windows endpoint. This blog post...
Read more
Monitoring commonly abused Windows utilities
It is commonly known that malware abuses native Windows utilities to achieve the attacker’s nefarious goals. For example, a native utility like Vssadmin can be abused by ransomware to inhibit...
Read moreThe Windows task scheduler is a tool in the Windows operating system that launches programs and executes predefined scripts at scheduled times or after specified time intervals. While Windows Task Scheduler is not malicious, adversaries can abuse this utility to...
Read more
Monitoring Windows task scheduler to detect attack persistence
The Windows task scheduler is a tool in the Windows operating system that launches programs and executes predefined scripts at scheduled times or after specified time intervals. While Windows Task...
Read moreJSSLoader is a remote access trojan by the Russian FIN7 hacking group. There has been an increase in the number of JSSLoader infections this year. These infections have been utilizing Microsoft Excel add-in files (XLL files) to drop the JSSLoader...
Read more
Detecting XLL files used for dropping FIN7 JSSLoader with Wazuh
JSSLoader is a remote access trojan by the Russian FIN7 hacking group. There has been an increase in the number of JSSLoader infections this year. These infections have been utilizing...
Read morePandora Ransomware gained notoriety in March 2022 when DENSO, a well-known giant in the automotive industry was compromised. After this, several malware researchers analyzed Pandora samples and agree that it is a variant of Rook ransomware, a well-known malware that...
Read more
Detecting Pandora Ransomware with Wazuh
Pandora Ransomware gained notoriety in March 2022 when DENSO, a well-known giant in the automotive industry was compromised. After this, several malware researchers analyzed Pandora samples and agree that it...
Read more
We are happy to announce that we will be sponsoring BSides San Francisco 2022, a two days event taking place on June 4th-5th this year. This is the third time we get to sponsor a BSides event, being the first...
Read moreKeep up to date with
our digest of articles
Wazuh will not sell, trade, lease, or rent your personal data to third parties. By subscribing, I agree to the use of my personal data in accordance with Wazuh Privacy Policy.