
The Best Possible Monitoring with Sigma Rules

Some of you may already have heard of Sigma, a generic signature format for SIEM systems. Its main purpose is to provide a structured form in which researchers and analysts can describe the detection methods they have developed and make them shareable with...
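As an added illustration of what such a structured, shareable detection rule looks like (example code written for this page, not from the original post or the Sigma project): the rule below is a constructed Sigma-style rule as it would appear after YAML parsing, and the evaluator is a hand-written subset of Sigma's detection semantics (fields in a map are ANDed, a list of values is ORed, the `contains`/`startswith`/`endswith` modifiers, plain values with `*`/`?` wildcards, and `and`/`or`/`not` conditions) run over three constructed process-creation events. The field names, the process names and the command-line exclusion in the filter are assumptions made for the demo.

```python
"""Minimal evaluator for the detection section of a Sigma-style rule.

Constructed example: the rule dict and the log events below are made up for
this demonstration. The evaluator covers only a subset of Sigma (selection
maps, value lists, contains/startswith/endswith modifiers, wildcard plain
values, and conditions built from 'and', 'or', 'not' without parentheses).
"""
import fnmatch

# Constructed rule, shaped like a Sigma rule after YAML parsing (assumption).
# Idea: a Microsoft Office process spawning a shell interpreter.
RULE = {
    "title": "Office application spawning a shell",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "ParentImage|endswith": ["\\winword.exe", "\\excel.exe", "\\powerpnt.exe"],
            "Image|endswith": ["\\cmd.exe", "\\powershell.exe", "\\wscript.exe"],
        },
        # Hypothetical benign exclusion, purely for the demo.
        "filter": {"CommandLine|contains": "/c echo"},
        "condition": "selection and not filter",
    },
    "level": "high",
}

# Constructed process-creation events (not real telemetry).
EVENTS = [
    {"ParentImage": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE",
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c powershell -nop -w hidden -enc AAAA"},
    {"ParentImage": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE",
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c echo hello"},          # hits the filter
    {"ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe"},                 # parent is not Office
]


def _match_value(field_value, pattern, modifier):
    """Match one event field against one rule value; Sigma matching is case-insensitive."""
    if field_value is None:
        return False
    v, p = str(field_value).lower(), str(pattern).lower()
    if modifier == "contains":
        return p in v
    if modifier == "startswith":
        return v.startswith(p)
    if modifier == "endswith":
        return v.endswith(p)
    # Plain value: '*' and '?' act as wildcards, everything else is literal.
    return fnmatch.fnmatchcase(v, p)


def _match_map(selection, event):
    """A map is an AND over its fields; a list of values for one field is an OR."""
    for key, values in selection.items():
        field, _, modifier = key.partition("|")
        if not isinstance(values, list):
            values = [values]
        if not any(_match_value(event.get(field), val, modifier) for val in values):
            return False
    return True


def _match_named(detection, name, event):
    """A named search identifier may be a map or a list of maps (OR of maps)."""
    entry = detection[name]
    if isinstance(entry, list):
        return any(_match_map(m, event) for m in entry)
    return _match_map(entry, event)


def evaluate(rule, event):
    """Evaluate the rule's condition ('and', 'or', 'not', identifiers) against one event."""
    detection = rule["detection"]
    tokens = detection["condition"].split()
    pos = [0]

    def peek():
        return tokens[pos[0]] if pos[0] < len(tokens) else None

    def take():
        pos[0] += 1
        return tokens[pos[0] - 1]

    def parse_not():
        if peek() == "not":
            take()
            return not parse_not()
        return _match_named(detection, take(), event)

    def parse_and():
        value = parse_not()
        while peek() == "and":
            take()
            value = parse_not() and value   # both sides evaluated to consume tokens
        return value

    def parse_or():
        value = parse_and()
        while peek() == "or":
            take()
            value = parse_and() or value
        return value

    result = parse_or()
    if pos[0] != len(tokens):
        raise ValueError("unsupported condition syntax: %r" % detection["condition"])
    return result


def scan(rule, events):
    """Return the indices of the events that the rule fires on."""
    return [i for i, e in enumerate(events) if evaluate(rule, e)]


if __name__ == "__main__":
    for i in scan(RULE, EVENTS):
        print("%s: event %d -> %s" % (RULE["title"], i, EVENTS[i]["CommandLine"]))
```

Only the first event fires: the second matches the selection but is removed by the filter, and the third fails the selection because its parent is not an Office binary. The same rule dict would be handed to a SIEM-specific converter in practice; the evaluator here just makes the semantics of the detection section concrete.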

Not All IOC Scanning Is the Same

In recent months I have had several conversations with friends and coworkers about IOC scanning and how to integrate IOCs from threat intel feeds into our scanners or into other products that our customers already use. People often tell me that EDR or client management product X...

How to Write Simple but Sound Yara Rules – Part 3

It has been a while since I wrote „How to Write Simple but Sound Yara Rules – Part 2“. Since then I have changed my rule creation method to generate more versatile rules that can also be used for in-memory detection. Furthermore, new features were added to...

How to Write Simple but Sound Yara Rules – Part 2

Months ago I wrote a blog article on „How to write simple but sound Yara rules“. Since then the mentioned techniques and tools have improved. I’d like to give you a brief update on certain Yara features that I frequently use and tools that I use to...

APT Detection is About Metadata

People often ask me why we changed the name of our scanner from „IOC“ to „APT“ scanner, and whether we did that only for marketing reasons. But don’t worry, this blog post is no more a sales pitch than it is an attempt to create a new...