All results for 'Francis Jeremiah'

Showing 11 of 11 results

Meet us at BSides San Francisco 2022

We are happy to announce that we will be sponsoring BSides San Francisco 2022, a two-day event taking place on June 4th-5th this year. This is the third time we have sponsored a BSides event; the first two were at BSides Chicago. For those who live close to San Francisco, or those who […]

Monitoring Docker container logs with Wazuh

By default, Docker container logs only show the stdout and stderr standard streams, which are cleared when the container is destroyed. However, when non-interactive processes, like a database or web server, are run, logs pertaining to these processes are generated. These logs can be collected using Docker logging drivers and saved to a file. If […]

Detecting Sysjoker backdoor malware with Wazuh

Sysjoker is a backdoor malware that was first discovered in December 2021 by Intezer. It is sophisticated and written from scratch in C++. Sysjoker is a cross-platform malware that has Linux, Windows, and macOS variants. Possible attack vectors for Sysjoker are email attachments, malicious advertisements, and infected software. Sysjoker backdoor malware poses a big threat […]

Monitoring commonly abused Windows utilities

It is commonly known that malware abuses native Windows utilities to achieve the attacker’s nefarious goals. For example, a native utility like Vssadmin can be abused by ransomware to inhibit system recovery (T1490) of a Windows endpoint. This blog post covers how Wazuh can be used to detect when some native Windows utilities are executed […]

Using Wazuh to detect BPFDoor malware

BPFDoor is backdoor malware associated with the Chinese APT – Red Menshen. It is a highly evasive malware that targets Linux and Solaris-based systems. It is said to have been unnoticed for up to 5 years before its discovery. This malware uses a Berkeley Packet Filter (BPF) sniffer which makes it capable of sniffing all […]

Introducing Wazuh 4.7.0

We are thrilled to announce the release of Wazuh 4.7.0. This release introduces a native Maltiverse integration and improvements to the Syscollector and Vulnerability Detector modules, among other updates. Below, you can explore some of the new features and improvements of our latest release. Key highlights: Maltiverse integration. Wazuh 4.7.0 now features native integration with […]

Detecting CUPS remote code execution vulnerability with Wazuh

CUPS (Common Unix Printing System) is a widely used printing system for Unix-like operating systems. It allows users to share printers over a network and provides a web-based interface for managing print jobs and configurations. However, in September 2024, several vulnerabilities were discovered in CUPS by Simone Margaritelli that could grant an attacker remote code […]

Leveraging Claude Haiku in the Wazuh dashboard for LLM-powered insights

A Large Language Model (LLM) is an Artificial Intelligence (AI) program that recognizes, processes, and generates human-like text. Claude Haiku is an LLM designed by Anthropic that can perform code completion, interactive chatbot, and content moderation tasks. The Claude Haiku model can be integrated as a chatbox feature in the Wazuh dashboard. Performing this […]
