Blog / Engineering / Detecting exploitation of XZ Utils vulnerability (CVE-2024-3094) with Wazuh
...virtualenv pwntools
# Download vulnerable XZ package
cd ~
git clone https://github.com/awwalquan/xz-archive.git
cd xz-archive/5.6/
tar xzf xz-5.6.0.tar.gz
mv xz-5.6.0 ~
export RPM_ARCH=$(uname -m)
cd ~
# Replace the content of...
Blog / Engineering / Detecting Log4Shell with Wazuh
Apache Log4j is one of the most common logging libraries in Java, mainly used for error messages. It is part of several high-value applications including iCloud, Twitter, and...
Blog / Engineering / Analyzing ModSecurity events with Wazuh
In this blog post, we explain how to analyze ModSecurity events with Wazuh. Wazuh is a unified XDR and SIEM solution. It can be used to collect, analyze and correlate...
Blog / Engineering / Detecting PwnKit (CVE-2021-4034) with Wazuh
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. In contrast to...
Blog / Engineering / Using Wazuh and TheHive for threat protection and incident response
Wazuh is a unified SIEM and XDR platform that you can use to protect your infrastructure. A SIEM is essential to security operations, and in many instances, Security Operations Centers...
Blog / Engineering / Detecting Spring4Shell (CVE-2022-22965) with Wazuh
A remote code execution (RCE) vulnerability that affects the Spring Java framework has been discovered. The vulnerability is dubbed Spring4Shell or SpringShell by the security community. It has the designation...
Blog / Engineering / Monitoring Windows task scheduler to detect attack persistence
The Windows task scheduler is a tool in the Windows operating system that launches programs and executes predefined scripts at scheduled times or after specified time intervals. While Windows Task...
Blog / Engineering / Detecting Follina (CVE-2022-30190) attack with Wazuh
A remote code execution vulnerability affecting Microsoft Windows Support Diagnostic Tool (MSDT) was observed to be exploited as early as May 2022. The vulnerability is dubbed Follina and has the...
Blog / Engineering / Detecting illegitimate crypto miners on Linux endpoints
Crypto miners are programs that utilize computer resources to mine cryptocurrency. Mining is the process that several cryptocurrencies use to generate new coins and verify new transactions. Crypto miners usually...
Blog / Engineering / Auditing Kubernetes with Wazuh
Kubernetes is an open source platform that helps manage the automation of containerized applications. Kubernetes deploys and manages applications across multiple nodes that run in a cluster for scalability....
Blog / Engineering / Integrating Cisco Secure Endpoint with Wazuh
In this blog post, we combine the capabilities of Cisco Secure Endpoint with the versatility of Wazuh, a unified XDR and SIEM platform. Cisco Secure Endpoint offers cloud-delivered endpoint detection...
Blog / Engineering / Detecting keyloggers (T1056.001) on Linux endpoints
Keyloggers are spyware that monitor and record user keystrokes on endpoints. Some variants relay the recorded data to an external party or attacker, enabling threat actors to exfiltrate user credentials...