📚Detecting Lateral Movement through Tracking Event Logs
@hypersec
#LateralMovement
#Detection
Soorin Knowledge-Based Company
⚙️ lynis
security auditing tool for UNIX based systems like Linux, macOS, BSD and more.
A security auditing tool for Unix-based systems such as Linux, macOS, BSD and others. It performs an in-depth security scan and gives recommendations for hardening the system further. It also collects general system information and scans for vulnerable software packages and possible configuration issues.
• Compliance testing (e.g. ISO27001, PCI-DSS, HIPAA).
• Automated security audit
• Vulnerability detection
🔗 https://github.com/CISOfy/lynis
@hypersec
#linux #audit #detection
#soorin
Soorin Knowledge-Based Company
🔏Hunting & Detecting Remcos RAT with Splunk & Sysmon
🔗https://sakshamtushar.notion.site/Hunting-Detecting-Remcos-RAT-with-Splunk-Sysmon-947cd3c1988b4aba983bcaa6ce7d8897
#splunk #sysmon #detection
Soorin Team
For Event ID 4697 (A service was installed in the system):
1. Monitor for all events where “Service File Name” is not located in %windir% or the “Program Files/Program Files (x86)” folders. Typically, new services are located in these folders.
2. Check whether “Service Type” equals “0x1 (Kernel Driver)”, “0x2 (File System Driver)” or “0x8 (Recognizer Driver)”. These service types start first and have almost unlimited access to the operating system from the beginning of operating system startup. These types are rarely installed.
3. Check whether “Service Start Type” equals “0 (Boot)” or “1 (System)”. These service start types are used by drivers, which have unlimited access to the operating system.
4. Check whether “Service Start Type” equals “4”. It is not common to install a new service in the Disabled state.
5. Check whether “Service Account” is not “localSystem”, “localService” or “networkService”, to identify services that are running under a user account.
Credit: Ahmadreza Norouzi
#SOC #UseCase #Detection
Soorin Team
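The five 4697 checks above, applied to Security-log events in their XML form, as an added example (this code is not from the LinkedIn post or the channel). It assumes a default system drive (WINDIR = C:\Windows), treats an empty “Service Account” (the usual value for drivers) as not a user account, and runs over four constructed sample events; the rule labels and the helper names are the example's own.

```python
"""Apply the Event ID 4697 monitoring checks to Windows Security event XML."""
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumption: default install drive and folders; adjust for your fleet.
WINDIR = "c:\\windows"
TRUSTED_PREFIXES = (WINDIR + "\\", "c:\\program files\\", "c:\\program files (x86)\\")
DRIVER_TYPES = {0x1, 0x2, 0x8}            # kernel, file-system, recognizer driver
DRIVER_START_TYPES = {0, 1}               # Boot, System
DISABLED_START = 4
SYSTEM_ACCOUNTS = {"localsystem", "localservice", "networkservice"}


def normalize_path(raw: str) -> str:
    """Lower-case the image path, drop arguments and expand the spellings
    that service/driver ImagePath values commonly use."""
    p = raw.strip().replace("/", "\\")
    if p.startswith('"'):                  # quoted image path: keep only the path
        p = p[1:].split('"', 1)[0]
    p = p.lower()
    if p.startswith("\\??\\"):             # NT object-manager prefix used by drivers
        p = p[4:]
    for prefix in ("\\systemroot", "%systemroot%", "%windir%"):
        if p.startswith(prefix):
            p = WINDIR + p[len(prefix):]
    if p.startswith(("system32\\", "syswow64\\")):   # relative driver paths
        p = WINDIR + "\\" + p
    return p


def parse_4697(xml_text: str) -> Optional[Dict[str, str]]:
    """Return the EventData fields of a 4697 event, or None for other IDs."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4697":
        return None
    return {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}


def evaluate(ev: Dict[str, str]) -> List[str]:
    """Return the labels of the checks (1-5 above) that this event triggers."""
    hits = []
    if not normalize_path(ev["ServiceFileName"]).startswith(TRUSTED_PREFIXES):
        hits.append("1-unusual-path")
    if int(ev["ServiceType"], 16) in DRIVER_TYPES:     # field is hex, e.g. "0x10"
        hits.append("2-driver-type")
    start = int(ev["ServiceStartType"])
    if start in DRIVER_START_TYPES:
        hits.append("3-boot-or-system-start")
    if start == DISABLED_START:
        hits.append("4-installed-disabled")
    # "NT AUTHORITY\LocalService" -> "localservice"; assumption: empty means
    # no account (typical for drivers), so it is not flagged as a user account.
    account = ev.get("ServiceAccount", "").rsplit("\\", 1)[-1].lower()
    if account and account not in SYSTEM_ACCOUNTS:
        hits.append("5-user-account")
    return hits


def triage(xml_events: List[str]) -> Dict[str, List[str]]:
    """Map ServiceName -> triggered checks for every 4697 event in the batch."""
    results = {}
    for xml_text in xml_events:
        ev = parse_4697(xml_text)
        if ev is not None:
            results[ev["ServiceName"]] = evaluate(ev)
    return results


def make_event(name: str, file_name: str, stype: str, start: str, account: str) -> str:
    """Build a constructed 4697 event in the Security log's XML shape."""
    return f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4697</EventID><Computer>WS01.corp.example</Computer></System>
  <EventData>
    <Data Name="SubjectUserName">admin</Data>
    <Data Name="ServiceName">{name}</Data>
    <Data Name="ServiceFileName">{file_name}</Data>
    <Data Name="ServiceType">{stype}</Data>
    <Data Name="ServiceStartType">{start}</Data>
    <Data Name="ServiceAccount">{account}</Data>
  </EventData>
</Event>"""


# Constructed sample events: one benign, one user-land service, one driver, one disabled.
SAMPLE_EVENTS = [
    make_event("WinHttpAutoProxySvc", r"C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted",
               "0x20", "3", r"NT AUTHORITY\LocalService"),
    make_event("UpdaterSvc", r'"C:\Users\Public\update.exe" /quiet', "0x10", "2", r"CORP\svc_deploy"),
    make_event("hidpdrv", r"\??\C:\Users\bob\AppData\Local\Temp\hidp.sys", "0x1", "1", ""),
    make_event("VendorAgent", r'"C:\Program Files\Vendor\agent.exe"', "0x10", "4", "LocalSystem"),
]

if __name__ == "__main__":
    for service, hits in triage(SAMPLE_EVENTS).items():
        print(f"{service:22} {'OK' if not hits else ', '.join(hits)}")
```

Check 1 is only as good as the path normalization: a service registered with a relative `system32\drivers\x.sys` path or a `\??\C:\...` prefix is legitimate, so those are expanded before the prefix comparison rather than flagged outright.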