Blog / Engineering / Detecting malicious URLs using Wazuh and URLhaus
URLhaus is a project operated by abuse.ch. The purpose of the project is to collect, track, and share malware URLs, helping network administrators and security analysts to protect their networks and...
Detecting Pandora Ransomware with Wazuh
Pandora Ransomware gained notoriety in March 2022 when DENSO, a well-known giant in the automotive industry, was compromised. After this, several malware researchers analyzed Pandora samples and agreed that it...
Detecting process injection attacks with Wazuh
Process injection is a defense evasion technique used by adversaries to execute malicious code within legitimate processes. When malware runs its code in the context of another process, it can...
Detecting Dirty Pipe vulnerability with Wazuh (CVE-2022-0847)
A vulnerability in the Linux kernel, dubbed “Dirty Pipe”, allows unprivileged users to overwrite data in read-only files. This can allow users to gain access to root privileges on the...
Detecting hoaxshell with Wazuh
Hoaxshell is a pseudo-reverse shell that targets Windows endpoints. It is called a pseudo-reverse shell because the hoaxshell payload generates a shell that uses HTTP(S) to send commands and receive...
Enhancing macOS protection with Wazuh
In version 4.3.0, Wazuh introduced a new technique for collecting logs from macOS endpoints using the unified logging system (ULS). ULS is available in macOS 10.12 and later. Wazuh uses...