All Stories

OpenCTI RSS feed support

RSS feed support in OpenCTI

In threat intelligence, Sep 16, 2023
OpenCTI RSS feed support

Threat Intelligence Platform - OpenCTI

What?

In threat intelligence, Jul 06, 2023
Threat Intelligence Platform - OpenCTI

Turla

Why Turla?

In threat hunting, May 19, 2023
Turla

Analysis of the current malware - Icedid

In threat hunting, Mar 19, 2023
Analysis of the current malware - Icedid

Malware statistics to ELK

I’ve been somewhat busy lately and hadn’t had much time to write anything to the blog unfortunately. I also have had some issues in thinking of good topics as I don’t want to get stuc...

In threat hunting, Feb 16, 2023
Malware statistics to ELK

Hunting for msbuild based execution

Why?

In threat hunting, Jan 21, 2023
Hunting for msbuild based execution

AsyncRAT

In threat hunting, Jan 08, 2023
AsyncRAT

HTML Smuggling - how does it look like?

In threat hunting, Dec 18, 2022
HTML Smuggling - how does it look like?

MDE/MDI/MDO365 advanced hunt queries to ELK

I’ve been using Jupyter Notebook for quite sometime in threat hunting and incident response purposes. It is great as it offers the python data analytic tools to be used with the data ...

In threat hunting, Nov 28, 2022
MDE/MDI/MDO365 advanced hunt queries to ELK

Qakbot

Qakbot - anything new on a recent sample?

In threat hunting, Nov 22, 2022
Qakbot

Featured

  1. Hunting for Windows Subsystem for Linux based attacks
    In threat hunting,
  2. The DFIR thing
    In dfir,
  3. OpenCTI RSS feed support
    In threat intelligence,
  4. Threat Intelligence Platform - OpenCTI
    In threat intelligence,