Monitoring Windows resources with Performance Counters

by Dario Menten

/ Engineering

Windows Performance Counters provide an in-depth and consistent interface for collecting different types of system data such as processor, memory, and disk usage statistics. Performance counters can be used to monitor system resources and performance. This blog post describes how...

Detecting Cobalt Strike beacons using Wazuh

by Chris Bassey

/ Engineering

Cobalt Strike is a red team command and control framework used for adversary emulation. Due to its functionality and flexibility, it has been widely adopted by both red teams and threat actors. Multiple threat actors such as APT29, APT32, APT...

Monitoring commonly abused Windows utilities

by Francis Timilehin Jeremiah

/ Engineering

It is commonly known that malware abuses native Windows utilities to achieve the attacker’s nefarious goals. For example, a native utility like Vssadmin can be abused by ransomware to inhibit system recovery (T1490) of a Windows endpoint. This blog post...

Monitoring Windows task scheduler to detect attack persistence

by Awwal Ishiaku

/ Engineering

The Windows task scheduler is a tool in the Windows operating system that launches programs and executes predefined scripts at scheduled times or after specified time intervals. While Windows Task Scheduler is not malicious, adversaries can abuse this utility to...

Detecting XLL files used for dropping FIN7 JSSLoader with Wazuh

by Chris Bassey

/ Engineering

JSSLoader is a remote access trojan by the Russian FIN7 hacking group. There has been an increase in the number of JSSLoader infections this year. These infections have been utilizing Microsoft Excel add-in files (XLL files) to drop the JSSLoader...
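
The three techniques previewed on this page so far (vssadmin abuse to inhibit system recovery, T1490; scheduled-task persistence; and XLL add-ins used as a dropper) share one detection shape: match a field of a process-creation or image-load event against a pattern. The block below is an added example, not code from any of the Wazuh posts listed here. It runs that matching logic in Python over a few constructed Sysmon-style events (EventID 1 process creation, EventID 7 image load); the rule names, file paths, the list of user-writable directories and the "not under Program Files" heuristic for XLLs are my own assumptions. Wazuh itself expresses such logic as XML rules; this is the same logic in a form that can be run and tested offline.

```python
"""Detection logic for three living-off-the-land patterns, run over
constructed Sysmon-style events. Added example; not Wazuh's own rules."""
import re
from dataclasses import dataclass

# Constructed sample telemetry in the shape of Sysmon events as Wazuh forwards
# them. EventID 1 = process creation, EventID 7 = image (DLL/XLL) load.
# Every path, command line and parent is illustrative only.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe delete shadows /all /quiet",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin list shadows",          # benign admin usage
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": 'schtasks /create /tn "Updater" /sc minute /mo 5 '
                    r'/tr "C:\Users\alice\AppData\Roaming\svc.exe"',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": "schtasks /query /tn Updater",    # benign: only queries
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 7, "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "ImageLoaded": r"C:\Users\alice\Downloads\invoice.xll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "ImageLoaded": r"C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ANALYS32.XLL",
     "Signed": "true"},                                 # Office's own add-in
]

# Assumed list of locations an unprivileged user (and therefore malware running
# as that user) can write to; a task whose action lives here is suspicious.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)


@dataclass
class Alert:
    rule: str
    technique: str      # MITRE ATT&CK technique ID
    description: str
    event: dict


def basename(path: str) -> str:
    """Last path component, lower-cased, so image names compare case-insensitively."""
    return path.rsplit("\\", 1)[-1].lower()


def shadow_copy_tampering(ev: dict):
    """T1490: vssadmin deleting shadow copies or shrinking shadow storage to evict them."""
    if ev.get("EventID") != 1 or basename(ev.get("Image", "")) != "vssadmin.exe":
        return None
    cmd = ev.get("CommandLine", "")
    if re.search(r"\bdelete\s+shadows\b|\bresize\s+shadowstorage\b", cmd, re.I):
        return Alert("vssadmin_shadow_tamper", "T1490",
                     "vssadmin used to delete or shrink volume shadow copies", ev)
    return None


def scheduled_task_persistence(ev: dict):
    """T1053.005: schtasks /create whose /tr action points into a user-writable path."""
    if ev.get("EventID") != 1 or basename(ev.get("Image", "")) != "schtasks.exe":
        return None
    cmd = ev.get("CommandLine", "")
    if not re.search(r"/create\b", cmd, re.I):
        return None
    # /tr value is either a quoted string (may contain spaces) or a bare token.
    m = re.search(r'/tr\s+(?:"([^"]*)"|(\S+))', cmd, re.I)
    action = (m.group(1) or m.group(2)) if m else ""
    if action and USER_WRITABLE.search(action):
        return Alert("schtasks_userwritable_action", "T1053.005",
                     f"scheduled task created with action in user-writable path: {action}", ev)
    return None


def xll_from_untrusted_path(ev: dict):
    """T1137.006: Excel loading an .xll add-in from outside Program Files (assumed heuristic)."""
    if ev.get("EventID") != 7 or basename(ev.get("Image", "")) != "excel.exe":
        return None
    loaded = ev.get("ImageLoaded", "").lower()
    if loaded.endswith(".xll") and not loaded.startswith(r"c:\program files"):
        return Alert("excel_xll_untrusted_path", "T1137.006",
                     f"Excel loaded an XLL add-in from an untrusted location: {ev['ImageLoaded']}", ev)
    return None


RULES = (shadow_copy_tampering, scheduled_task_persistence, xll_from_untrusted_path)


def detect(events):
    """Apply every rule to every event; return the alerts in event order."""
    alerts = []
    for ev in events:
        for rule in RULES:
            alert = rule(ev)
            if alert is not None:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a.rule}] {a.technique}: {a.description}")
```

Running the block prints one alert per malicious sample and none for the three benign ones (`vssadmin list shadows`, `schtasks /query`, and Office's own ANALYS32.XLL). The checks that keep the benign events quiet are the ones worth carrying over into production rules: require the destructive verb, not just the binary name; require `/create` plus an action path, not any schtasks invocation; and key on where the XLL was loaded from rather than on the extension alone.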

Detecting Pandora Ransomware with Wazuh

by Openime Oniagbi

/ Engineering

Pandora Ransomware gained notoriety in March 2022 when DENSO, a well-known giant in the automotive industry, was compromised. After this, several malware researchers analyzed Pandora samples and agreed that it is a variant of Rook ransomware, a well-known malware that...
