All results for 'John Olatunde'

Showing 8 of 8 results

Monitoring root actions on Linux using Auditd and Wazuh

...key="audit-wazuh-c" type=EXECVE msg=audit(1574420226.095:1325): argc=2 a0="touch" a1="/tmp/malicious_file" Example If we run the following commands: [John@wazuhmanager ~]id uid=1001(John) gid=1001(John) groups=1001(John),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [John@wazuhmanager ~]sudo ls /etc [sudo] password for John: bin boot dev...

Adversary emulation with CALDERA and Wazuh

Introduction Adversary emulation plays an important role in identifying the Tactics, Techniques, and Procedures (TTPs) used by threat actors. CALDERA™ is a cybersecurity framework developed by MITRE, which allows cyber...

Detecting PsExec usage with Wazuh

Introduction PsExec is a part of Sysinternals command line tools named PsTools. It facilitates system administration and can execute processes on local and remote systems. While PsExec is not malicious,...

Detecting and removing WhisperGate malware

WhisperGate is a destructive file-wiper malware that is being used in a campaign targeting Ukrainian organizations. The malware targets Windows devices, corrupts the Master Boot Record (MBR), and the hard...

Detecting Follina (CVE-2022-30190) attack with Wazuh

...clone https://github.com/JohnHammond/msdt-follina.git cd msdt-follina We generate the corrupted file and set up the CnC server with the following command. Replace <CnC_IP_Address> with the IP address of the Ubuntu CnC server....
