Archive | 2016
automation

Not All IOC Scanning Is the Same

In the recent months I had several talks with friends and coworkers about IOC scanning and how to integrate IOCs from threat intel feeds into our scanners or other products that our customers already use. People often tell me that EDR or client management product X already does IOC scanning and that we don’t need […]

Leave a comment Continue Reading →
FullSizeRender_cut

How to Fall Victim to Advanced Persistent Threats

During the last four years, I was engaged on incident response teams for several large advanced persistent threat (APT) cases involving different German corporations. In this time, we have developed methods and tools to detect compromised systems, while also planning and performing remediation. During the course of these investigations, I noticed that certain circumstances supported […]

1 Comment Continue Reading →

How to Write Simple but Sound Yara Rules – Part 3

It has been a while since I wrote „How to Write Simple but Sound Yara Rules – Part 2„. Since then I changed my rule creation method to generate more versatile rules that can also be used for in-memory detection. Furthermore new features were added to yarGen and yarAnalyzer. Binarly The most important feature of […]

Leave a comment Continue Reading →