Tag Archives: thor
Threat Intel CSV Lookup in Splunk

Splunk Threat Intel IOC Integration via Lookups

Today most security teams have access to a lot of different information sources. On the one hand they collect log data from different sources and try to correlate them in a useful way in so-called SIEM systems. On the other hand they receive threat information from different sources like APT reports, public or private feeds […]

Signature Matching sethc.exe

Inverse Yara Signature Matching (Part 1/2)

During our investigations we encountered situations in which attackers replaced valid system files with other system files to achieve persistence and establish a backdoor on the systems. The most frequently used method was the replacement of "sethc.exe" with the valid command line "cmd.exe" to establish a backdoor right in the logon screen by pressing shift […]

Splunk Security Monitoring

Incident Response Consulting

In recent months we have been able to support several customers in coping with and handling massive attacks. In all cases, chance discoveries in the customer network revealed only the "tip of the iceberg" of larger and longer-lasting attacks. Once a security incident has been confirmed as such, the first question that arises concerns the scope of the attack or […]
