CHAVECLOAK malware detection and response with Wazuh

/ Engineering

CHAVECLOAK malware is a Windows-based banking trojan that targets individuals in the South American financial sector to steal sensitive financial information. The malware is distributed through phishing emails with embedded malicious PDF attachments. CHAVECLOAK blocks the victim's screen, logs keystrokes, and shows fake pop-up windows. The malware monitors the victim's endpoint and becomes active when it detects […]
Detecting exploitation of XZ Utils vulnerability (CVE-2024-3094) with Wazuh

/ Engineering

In March 2024, a backdoor was detected within XZ Utils and assigned CVE-2024-3094. The vulnerability has a CVSS score of 10, indicating critical impact if exploited. It affects XZ Utils versions 5.6.0 and 5.6.1 and presents a serious threat to endpoints that run Unix-like operating systems. Previously, we detailed how to […]
Threat hunting using inventory data collected by Wazuh

/ Engineering

Wazuh detects threats and intruders in your system, unwanted software, and misconfigured process parameters. Learn how to create custom rules based on the system inventory information that Wazuh agents collect.
Integrating Mimecast with Wazuh

/ Engineering

Mimecast is an email security and management platform that protects emails against cyber threats such as malware, phishing, and spam. Email remains one of the most prevalent attack vectors for cybercriminals seeking to infiltrate organizations and spread malware. Its widespread use makes it a top target for various malicious activities. Mimecast provides organizations with features […]
Filtering security data with the Wazuh Query Language

/ Engineering

The Wazuh Query Language (WQL) simplifies security data filtering in the Wazuh dashboard with a user-friendly format. With a specialized query language such as WQL, security analysts can query and analyze security log data, enabling effective detection of and response to security threats. WQL provides a solution for navigating complex datasets, allowing […]
Detecting Living Off the Land attacks with Wazuh

/ Engineering

Living Off the Land (LOTL) attacks are a technique in which attackers leverage existing, legitimate tools and features within an environment to conduct malicious activities. This approach allows attackers to blend in with normal system activity, making detection by conventional security measures more challenging. The solution to LOTL attacks is to use a […]
Kuiper ransomware detection and response with Wazuh

/ Engineering

The Kuiper ransomware is a strain of ransomware written in Golang that encrypts data on Windows, macOS, and Linux endpoints and demands payment for its recovery. It uses a combination of the RSA, ChaCha20, and AES encryption algorithms to encrypt files on infected endpoints. Specifically, it employs RSA for key exchange, ChaCha20 for initial encryption, […]
Detecting XZ Utils vulnerability (CVE-2024-3094) with Wazuh

/ Engineering

XZ Utils is a widely used suite of command-line tools for lossless data compression on virtually all Unix-like operating systems, including Linux. Among its prominent components are xz and lzma, used for compressing files, distributing packages, and managing backups. Andres Freund discovered a backdoor within XZ Utils, specifically in the liblzma library, and reported it […]
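A local check that a practitioner would run alongside the two XZ Utils posts above (detecting the vulnerability and detecting its exploitation), added here as an example that is not code from the Wazuh posts or the Wazuh project. It parses the first line of `xz --version` and searches the usual library directories for a liblzma shared object whose filename carries one of the affected versions (5.6.0 or 5.6.1, as stated above). The sample `xz --version` output, the directory list, and the script name `xz_check.sh` are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the Wazuh posts: a local check for the
# backdoored XZ Utils releases behind CVE-2024-3094 (5.6.0 and 5.6.1).
# Two independent signals: the version the xz binary reports, and any
# liblzma shared object whose filename ends in an affected version.

# Return 0 when the version string is one of the two backdoored releases.
is_backdoored_xz_version() {
  case "$1" in
    5.6.0|5.6.1) return 0 ;;
    *) return 1 ;;
  esac
}

# The first line of `xz --version` reads "xz (XZ Utils) 5.6.1"; print the
# version number only (prints nothing if the line has another shape).
parse_xz_version() {
  printf '%s\n' "$1" | sed -n '1s/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# Print every liblzma shared object under the given directories whose name
# carries an affected version, e.g. /usr/lib/x86_64-linux-gnu/liblzma.so.5.6.1.
# Missing directories are ignored so the caller only sees matches.
find_backdoored_liblzma() {
  find "$@" -name 'liblzma.so.5.6.[01]' 2>/dev/null || true
}

# Combine both checks for the local host. Exit status: 0 clean, 1 affected.
check_local_xz() {
  status=0
  if command -v xz >/dev/null 2>&1; then
    ver=$(parse_xz_version "$(xz --version 2>/dev/null)")
    if is_backdoored_xz_version "$ver"; then
      echo "AFFECTED: xz binary reports version $ver"
      status=1
    else
      echo "xz binary version ${ver:-unknown} is outside the affected range"
    fi
  else
    echo "xz binary not found"
  fi
  # Assumed library locations; extend for your distribution's layout.
  libs=$(find_backdoored_liblzma /lib /lib64 /usr/lib /usr/lib64 /usr/local/lib)
  if [ -n "$libs" ]; then
    echo "AFFECTED: liblzma with a backdoored version present:"
    echo "$libs"
    status=1
  fi
  return $status
}

# Constructed sample of `xz --version` output on an affected endpoint.
SAMPLE_AFFECTED='xz (XZ Utils) 5.6.1
liblzma 5.6.1'

# Run the host check only when executed directly as xz_check.sh, so the
# functions can also be sourced into another script.
case "$0" in
  *xz_check.sh) check_local_xz ;;
esac
```

Save it as xz_check.sh and run it with sh; an exit status of 1 means one of the checks matched. Treat the version strings as a first pass only: a distribution may ship a rebuilt package that still reports 5.6.1, or downgrade to an older release, so confirm against the distribution's advisory before closing the finding.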
Monitoring PostgreSQL database with Wazuh

/ Engineering

PostgreSQL is an open source, highly stable database management system that uses several features to securely store and scale data workloads. PostgreSQL is supported by major operating systems such as Linux, macOS, Microsoft Windows, FreeBSD, OpenBSD, and Solaris. It is primarily used by users, organizations, and businesses to store data for mobile applications, websites, analytics […]
Detecting and responding to Phobos ransomware using Wazuh

/ Engineering

Phobos ransomware has become a growing concern due to its tactics in targeting state and territorial governments. The ransomware group compromises Windows endpoints using phishing as the primary method to gain initial entry, deploying covert payloads such as SmokeLoader and Cobalt Strike. Also, attackers exploit vulnerable networks by scanning and brute-forcing open Remote Desktop Protocol […]
Integrating Wazuh with Fluentd for unified logging

/ Engineering

Wazuh introduced the Fluentd module, which allows the forwarding of information to a Fluentd server. Gain more security visibility on your system today.
Deploying Wazuh agents using Windows Group Policy Objects (GPO)

/ Engineering

In this post, we learn how to deploy the Wazuh agent on a Windows Active Directory infrastructure using Group Policy Objects (GPO).