All results for 'Eva Lopez'

Showing 12 of 43 results

How to configure Rsyslog client to send events to Wazuh

Rsyslog is a high-performance, versatile log processing system commonly used in UNIX and Linux environments. It is responsible for handling log messages generated by various system components and applications. It...

Integrating Amazon Macie in Wazuh

Amazon offers many tools to monitor the status of its services. A good example is Amazon Macie, aimed at monitoring data stored in Amazon S3 for sensitive content. This is a resource of enormous...

Detecting Metasploit attacks

...suspicious processes:

root@DC-1:/# ps -eo user,pid,cmd | grep www-data
www-data 4428 sh -c php -r 'eval(base64_decode(Lyo8P3B));'
www-data 4429 php -r eval(base64_decode(Lyo8P3B));

Also, we can find an open connection for the...

Adversary emulation on AWS with Stratus Red Team and Wazuh

...# ./stratus warmup aws.defense-evasion.cloudtrail-event-selectors
# ./stratus detonate aws.defense-evasion.cloudtrail-event-selectors

Cleanup the infrastructure

At the end of the emulation, use the following command to destroy all the infrastructure created:

$ ./stratus cleanup...

Ensuring NIS2 compliance with Wazuh

...assessments are continuously validated. Evaluation of the effectiveness of security measures: Wazuh generates detailed reports on configuration compliance, allowing organizations to regularly evaluate the effectiveness of their security measures. By identifying misconfigurations,...

Using Wazuh to detect Raspberry Robin worms

Raspberry Robin is an evasive Windows worm that spreads using removable drives. After infecting a system, it uses the Windows msiexec.exe utility to download its payload hosted on compromised QNAP...

Detecting Lockbit 3.0 ransomware with Wazuh

...been in existence for three years, and during this period it has been upgraded twice to include new forms of infection and evasion techniques. Lockbit 3.0 is the latest version,...

Web shell attack detection with Wazuh

...base64_encode() and gzdeflate() functions to obfuscate commands by encoding and compressing them into unreadable formats. Then, use the eval() or assert() function to execute the data decoded with base64_decode() and...

Hunting for suspicious Windows LNK files with Wazuh XDR

...trigger alerts when the Wazuh server detects Windows shortcuts with suspicious signatures:

<group name="windows_shortcut,">
  <rule id="110003" level="12">
    <decoded_as>raw_json</decoded_as>
    <field name="lnk_data.command_line_arguments" type="pcre2">(?i)cmd|powershell|psexec|MSHTA|bitsadmin|certutil|vbc|csc|del|echo|tasklist|rundll32|regsvr32|%COMSPEC%|Assembly\.Load|\[Reflection\.Assembly\]::Load|\.dll|\.scr|\.pif|http|https|ftp|ServerXMLHTTP|\.url|cdn.|\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b|\.ps1|invoke|\[Convert\]|FromBase|-exex|-nop|-noprofile|-noni|-enc|-decode|-accepteula|hidden|bypass|javascript|jscript|vbscript|wscript|cscript|\.js|\.vb|\.wsc|\.wsh|\.wsf|\.sct|\.cmd|\.hta|\.bat|ActiveXObject|eval|\.7z|\.zip|\.cab|\.iso|\.rar|\.tar|\.bz2|\.lzh|\.dat|expand|makecab|winword|exel|powerpnt|\.rtf|\.doc|\.dot|\.xls|\.xla|\.csv|\.ppt|\.pps|\.xml|\.pdf|%PDF|\.swf|\.fws|setlocal|EnableExtensions|DisableDelayedExpansion|process call</field>
    <description>Suspicious Windows shortcut "$(lnk_data.file_path)" with malicious artifacts. Possible...
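To see what this rule actually fires on before deploying it at level 12, the following Python, added here as an example and not code from the Wazuh blog, applies the rule's PCRE2 pattern to three constructed raw_json events shaped the way the rule expects (lnk_data.file_path and lnk_data.command_line_arguments). The pattern is copied from the <field> above unchanged; Python's re accepts this subset of PCRE2. The third event is a benign shortcut to a Word document and still matches on \.doc, which shows how broad several of the alternatives (del, echo, http, hidden, .doc, .pdf) are.

```python
"""Apply the detection logic of Wazuh rule 110003 above to constructed LNK events.

Added example, not code from the Wazuh blog. The PCRE2 pattern is copied from the
rule's <field>; the three JSON events are constructed here and assume the raw_json
layout the rule references (lnk_data.file_path, lnk_data.command_line_arguments)."""
import json
import re

# Copied from the rule. Python's re handles this subset of PCRE2 unchanged;
# the leading (?i) applies to every alternative.
SUSPICIOUS_ARGS = re.compile(
    r"(?i)cmd|powershell|psexec|MSHTA|bitsadmin|certutil|vbc|csc|del|echo|tasklist|rundll32|regsvr32|"
    r"%COMSPEC%|Assembly\.Load|\[Reflection\.Assembly\]::Load|\.dll|\.scr|\.pif|http|https|ftp|"
    r"ServerXMLHTTP|\.url|cdn.|\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b|\.ps1|invoke|\[Convert\]|FromBase|"
    r"-exex|-nop|-noprofile|-noni|-enc|-decode|-accepteula|hidden|bypass|javascript|jscript|vbscript|"
    r"wscript|cscript|\.js|\.vb|\.wsc|\.wsh|\.wsf|\.sct|\.cmd|\.hta|\.bat|ActiveXObject|eval|\.7z|\.zip|"
    r"\.cab|\.iso|\.rar|\.tar|\.bz2|\.lzh|\.dat|expand|makecab|winword|exel|powerpnt|\.rtf|\.doc|\.dot|"
    r"\.xls|\.xla|\.csv|\.ppt|\.pps|\.xml|\.pdf|%PDF|\.swf|\.fws|setlocal|EnableExtensions|"
    r"DisableDelayedExpansion|process call"
)

RULE_ID, RULE_LEVEL = 110003, 12


def evaluate_lnk_event(raw_json: str):
    """Return the alert fields the rule would emit, or None when it would not fire."""
    lnk = json.loads(raw_json).get("lnk_data", {})
    args = lnk.get("command_line_arguments") or ""
    match = SUSPICIOUS_ARGS.search(args)          # same field the rule's <field> inspects
    if match is None:
        return None
    return {
        "rule_id": RULE_ID,
        "level": RULE_LEVEL,
        "matched": match.group(0),                # the alternative that fired; useful when tuning
        "description": f'Suspicious Windows shortcut "{lnk.get("file_path", "")}" with malicious artifacts.',
    }


# Constructed events (not from the blog). The third is a benign shortcut to a Word
# document; it still fires because "\.doc" is one of the alternatives.
SAMPLE_EVENTS = [
    json.dumps({"lnk_data": {"file_path": "C:\\Users\\alice\\Desktop\\invoice.lnk",
                             "command_line_arguments": "/c powershell -nop -w hidden -enc SQBFAFgA"}}),
    json.dumps({"lnk_data": {"file_path": "C:\\Users\\alice\\Desktop\\Notepad.lnk",
                             "command_line_arguments": ""}}),
    json.dumps({"lnk_data": {"file_path": "C:\\Users\\alice\\Desktop\\Report.lnk",
                             "command_line_arguments": "C:\\Users\\alice\\Documents\\report.docx"}}),
]


def triage(events):
    """Evaluate a batch and keep only the events that fire, with what matched."""
    return [(alert["matched"], alert["description"])
            for alert in map(evaluate_lnk_event, events) if alert]


if __name__ == "__main__":
    for matched, desc in triage(SAMPLE_EVENTS):
        print(f"level {RULE_LEVEL} rule {RULE_ID}: {desc} (matched {matched!r})")
```

The matched alternative is returned alongside the description so that tuning can start from what actually fired. On a real deployment the document and protocol alternatives are candidates for a lower level, or for a child rule that adds context such as an unusual parent or target path, before a level 12 alert is raised on every shortcut to a .docx.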

How to detect and mitigate Panchan botnet using Wazuh

...legitimate systemd service /lib/systemd/system/systemd-worker.service to evade suspicion. This service runs upon system restart to maintain persistence of the Panchan botnet.

root@ubuntu-2204:/home/ubuntu# find /lib/ /bin/ -name systemd-worker* -type f
/lib/systemd/system/systemd-worker.service
/bin/systemd-worker...
