All results for 'John Olatunde'

Monitoring MariaDB server with Wazuh

MariaDB is an open source database system that stores and manages structured data. It is often chosen for its reliability, speed, and compatibility with MySQL. Many websites, applications, and services use MariaDB to handle data securely and efficiently. Monitoring MariaDB provides real-time visibility into database activities, helping to detect suspicious behavior, prevent unauthorized access, and […]

Emulation of ATT&CK techniques and detection with Wazuh

Attack emulation plays an important role in identifying the Tactics, Techniques, and Procedures (TTPs) used by adversaries. Projects like Atomic Red Team (ART) can help automate the emulation, while the adversarial activity can be detected using Wazuh. The MITRE ATT&CK® framework, which stands for MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK), is a […]

Adversary emulation with CALDERA and Wazuh

Adversary emulation plays an important role in identifying the Tactics, Techniques, and Procedures (TTPs) used by threat actors. CALDERA™ is a cybersecurity framework developed by MITRE that allows security teams to test their defenses. This article details how to emulate attacks on Linux and Windows endpoints with CALDERA and how to detect these […]

Detecting PsExec usage with Wazuh

PsExec is part of PsTools, the Sysinternals suite of command-line tools. It facilitates system administration and can execute processes on local and remote systems. While PsExec is not malicious, several threat actors such as Turla, FIN6, and Cleaver use it for activities such as lateral movement and privilege escalation within a network; it is […]
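The excerpt above only says why PsExec use is worth watching; the following is an added example, not code from the Wazuh post, of what a minimal detection looks like. It classifies a handful of constructed Windows event records by the artifacts a default PsExec session leaves on the target: a Service Control Manager event 7045 installing a service named PSEXESVC, Sysmon pipe events (17/18) for \PSEXESVC or its -stdin/-stdout/-stderr pipes, and a Sysmon event 1 for PSEXESVC.exe starting. The flat dict layout of the events and the hypothetical alert labels are assumptions for this example; PsExec's -r option renames the service and its pipes, so a renamed copy would evade the name-based checks and would need a different indicator.

```python
"""Added example (not from the Wazuh blog post): flag PsExec-style remote
execution artifacts in constructed Windows event records.

Assumptions not stated on the page: events are plain dicts with the handful
of fields a log shipper would forward; the alert labels are hypothetical.
"""
import re
from typing import Dict, List, Optional, Tuple

# Service Control Manager logs 7045 when a new service is installed;
# Sysmon 17/18 record named pipe creation/connection; Sysmon 1 is process start.
SERVICE_INSTALL_EVENT = 7045
SYSMON_PIPE_EVENTS = {17, 18}
SYSMON_PROCESS_CREATE = 1

# Default PsExec pipe names: \PSEXESVC and \PSEXESVC-<host>-<pid>-stdin/stdout/stderr
PSEXEC_PIPE_RE = re.compile(r"\\PSEXESVC(?:-[\w-]+)?$", re.IGNORECASE)

# Constructed sample events, not real log data.
SAMPLE_EVENTS: List[dict] = [
    {"host": "WS01", "event_id": 7045, "provider": "Service Control Manager",
     "service_name": "PSEXESVC", "image_path": "%SystemRoot%\\PSEXESVC.exe"},
    {"host": "WS01", "event_id": 17, "provider": "Microsoft-Windows-Sysmon",
     "image": "C:\\Windows\\PSEXESVC.exe",
     "pipe_name": "\\PSEXESVC-ADMIN-PC-4242-stdin"},
    {"host": "WS02", "event_id": 7045, "provider": "Service Control Manager",
     "service_name": "BackupAgent",
     "image_path": "C:\\Program Files\\Backup\\agent.exe"},
    {"host": "WS03", "event_id": 18, "provider": "Microsoft-Windows-Sysmon",
     "image": "C:\\Windows\\System32\\svchost.exe", "pipe_name": "\\wkssvc"},
    {"host": "WS03", "event_id": 1, "provider": "Microsoft-Windows-Sysmon",
     "image": "C:\\Windows\\PSEXESVC.exe",
     "command_line": "C:\\Windows\\PSEXESVC.exe"},
]


def classify(event: dict) -> Optional[str]:
    """Return a hypothetical alert label for one event, or None if no PsExec artifact."""
    eid = event.get("event_id")
    if eid == SERVICE_INSTALL_EVENT and event.get("service_name", "").upper() == "PSEXESVC":
        return "psexec_service_install"
    if eid in SYSMON_PIPE_EVENTS and PSEXEC_PIPE_RE.search(event.get("pipe_name", "")):
        return "psexec_named_pipe"
    if eid == SYSMON_PROCESS_CREATE and event.get("image", "").lower().endswith("\\psexesvc.exe"):
        return "psexec_service_process"
    return None


def detect(events: List[dict]) -> List[Tuple[str, str]]:
    """Return (host, label) hits in input order, one per matching event."""
    hits = []
    for ev in events:
        label = classify(ev)
        if label:
            hits.append((ev["host"], label))
    return hits


def hosts_with_psexec(events: List[dict], min_indicators: int = 1) -> Dict[str, List[str]]:
    """Distinct indicator types per host.

    A single artifact is a weak signal; service install plus the named pipe
    on the same host is much stronger, so callers can raise min_indicators.
    """
    seen: Dict[str, set] = {}
    for host, label in detect(events):
        seen.setdefault(host, set()).add(label)
    return {h: sorted(labels) for h, labels in seen.items() if len(labels) >= min_indicators}


if __name__ == "__main__":
    for host, label in detect(SAMPLE_EVENTS):
        print(f"{host}: {label}")
    print("high confidence:", hosts_with_psexec(SAMPLE_EVENTS, min_indicators=2))
```

Run on the constructed input, WS01 produces both a service install and a pipe hit, WS03 only a process start, and WS02's unrelated service install is ignored; with `min_indicators=2` only WS01 is reported.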

Detecting and removing WhisperGate malware

WhisperGate is a destructive file-wiper malware that is being used in a campaign targeting Ukrainian organizations. The malware targets Windows devices and corrupts the Master Boot Record (MBR) and the contents of the hard disk of the victim endpoint. It is designed to look like ransomware but provides no recovery mechanism, and the wiping renders the device inoperable. In […]

Detecting and responding to Latrodectus malware with Wazuh

Latrodectus is a malware loader that has emerged as a significant threat in recent cyberattacks targeting Windows operating systems. It is designed to deliver payloads and execute arbitrary commands on infected systems. Its distribution has been linked to the threat actors TA577 and TA578, who have employed it in various campaigns. It is […]

How Wazuh provides endpoint security without kernel-level access

User mode and kernel mode are two operating states within a computer system that define different levels of access to, and control over, the hardware resources of the computer. Which mode software runs in matters, because code in kernel mode can affect the security and stability of the whole system. User mode is a restricted operating environment where […]

Detecting Windows persistence techniques with Wazuh

Persistence techniques refer to methods attackers or malicious software use to maintain access to a compromised endpoint even after reboots, logouts, or other interruptions. These techniques ensure that the malware or unauthorized user remains active and can continue to execute malicious activities without re-exploitation. Common Windows persistence techniques involve modifying startup scripts, abusing scheduled tasks […]

Detecting defense evasion techniques with Wazuh

Defense evasion techniques are methods that threat actors use to conceal their presence, bypass security mechanisms, and operate undetected on compromised systems. By evading detection, adversaries can maintain persistence and continue malicious activity even during active monitoring or security scans. Common defense evasion methods include disabling or uninstalling security tools, tampering with event logs, obfuscating […]
