All results for 'Chris Bassey'

Showing 8 of 8 results

Detecting XLL files used for dropping FIN7 JSSLoader with Wazuh

JSSLoader is a remote access trojan (RAT) used by the Russian FIN7 threat group. JSSLoader infections have increased this year, with Microsoft Excel add-in (XLL) files used to drop the trojan onto victim machines. In this blog post, we use Wazuh to detect when an […]

Detecting known bad actors with Wazuh and AbuseIPDB

AbuseIPDB is a project that helps systems administrators, webmasters, and security analysts check and report IP addresses involved in various categories of malicious activity. It provides an API for checking and reporting an IP address. Wazuh integrates with external software through its integrator tool. Integrations are done by connecting the Wazuh manager […]
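The teaser above describes checking an IP address against AbuseIPDB from the Wazuh manager. The block below is an added illustration, not code from the blog post or from Wazuh: it takes the JSON body an AbuseIPDB v2 /check call returns (the `data.ipAddress`, `data.abuseConfidenceScore` and `data.totalReports` fields are real response fields; the values in the sample are constructed) and turns it into a verdict that a custom rule could match on, skipping non-routable source addresses that the service cannot say anything useful about. The `threshold` value and the `srcip` field name assumed for the Wazuh alert are assumptions for the example.

```python
import ipaddress
import json
from typing import Optional

# Constructed sample: the shape mirrors the AbuseIPDB v2 /check response,
# the values are made up for this example.
SAMPLE_RESPONSE = json.dumps({
    "data": {
        "ipAddress": "203.0.113.45",
        "isPublic": True,
        "abuseConfidenceScore": 87,
        "totalReports": 42,
        "lastReportedAt": "2024-01-10T08:15:00+00:00",
    }
})

# Addresses that never appear in AbuseIPDB reports: RFC 1918, loopback, link-local
# and their IPv6 equivalents. Checking them only burns API quota.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def is_routable(ip: str) -> bool:
    """True when the address is a public one worth querying; malformed input is not routable."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in NON_ROUTABLE)


def srcip_from_alert(alert: dict) -> Optional[str]:
    """Pull the source address out of a Wazuh alert (assumed field: data.srcip)."""
    return alert.get("data", {}).get("srcip")


def classify(response_text: str, threshold: int = 50) -> dict:
    """Map an AbuseIPDB /check body to a verdict: malicious, clean, skipped or error.

    The threshold (assumed value 50) is the abuse confidence score at or above which
    the source should be treated as a known bad actor.
    """
    try:
        data = json.loads(response_text)["data"]
    except (ValueError, KeyError, TypeError):
        return {"ip": None, "score": None, "verdict": "error"}

    ip = data.get("ipAddress")
    score = data.get("abuseConfidenceScore")

    # Do not raise an alert on private or loopback sources even if the API echoes a score.
    if ip is None or not is_routable(ip):
        return {"ip": ip, "score": score, "verdict": "skipped"}

    # A missing or non-numeric score means the lookup did not really succeed.
    if not isinstance(score, int) or isinstance(score, bool):
        return {"ip": ip, "score": None, "verdict": "error"}

    verdict = "malicious" if score >= threshold else "clean"
    return {
        "ip": ip,
        "score": score,
        "verdict": verdict,
        "reports": data.get("totalReports", 0),
    }


if __name__ == "__main__":
    print(classify(SAMPLE_RESPONSE))
```

In a real integration the verdict would be serialised back to the manager as a custom event so that a rule with a distinct rule ID can fire on `verdict: malicious`; keeping the threshold in one place makes it easy to tune without touching the rule set.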

Deploying Wazuh agents to Windows endpoints with PDQ Deploy

Wazuh is an open source security solution used for security data collection, threat detection, file integrity monitoring, endpoint protection, incident response, and compliance. The Wazuh agent is deployed on endpoints to provide security visibility. In this blog post, we’ll learn how to deploy the Wazuh agent to multiple Windows […]

Detecting and responding to malicious files using CDB lists and active response

Malicious files serve as indicators of compromise (IOCs) on the endpoints where they are found. These files may reach endpoints through various attack vectors, so it is important to detect and respond to them as soon as they are written to disk. Wazuh has a file integrity monitoring (FIM) component that […]

Detecting Cobalt Strike beacons using Wazuh

Cobalt Strike is a red team command and control framework used for adversary emulation. Because of its functionality and flexibility, it has been widely adopted by both red teams and threat actors. Multiple threat actors, such as APT29, APT32, APT41, APT19, UNC2452, and FIN6, use cracked versions of Cobalt Strike in their attacks. Cobalt Strike […]

Using Wazuh rootcheck to detect Reptile rootkit

Rootkits (MITRE ATT&CK T1014) are malicious software with the functionality to hide files, network connections, processes, and other system artifacts. They may reside in user mode, kernel mode, or in firmware, which allows them to intercept and modify system calls in order to keep their files and processes hidden. Some malicious actors that use rootkits […]

How to perform WordPress security assessment with Wazuh

Default configurations and security misconfigurations are commonly found in installed software and applications. A default configuration is the prebuilt standard configuration that ships with an application; using the default username and/or password that comes with an application is one example. A misconfiguration refers to setting the configuration options in an […]

Wazuh and NetByte Forge Strategic Partnership to Enhance Cybersecurity Solutions

San Jose, California, January 2024 – Wazuh, the leader in open-source Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) solutions, is excited to announce a strategic partnership with NetByte.AI, a pioneer in intelligent Secure SaaS Infrastructure Monitoring Solutions empowered by Artificial Intelligence (AI). This collaboration aims to deliver a holistic cybersecurity […]